How to get random subset of large rrset (30+ IPs for round robin)?

Grant Taylor gtaylor at tnetconsulting.net
Fri Mar 20 20:23:35 UTC 2020


On 3/20/20 1:14 AM, David Klatt wrote:
> Hi,

Hi,

> Now I'd like bind to just return a random subset of e.g. 5 IP 
> addresses if someone requests this A record.

Hum.  That sounds quite contrary to the typical BIND behavior.

> The reason for this is, in my case, some (thousands of) older clients 
> (that I can't control) that seem unable to handle that many IPs - the 
> OS resolver just returns an error.

Ugh.

> For my use case I absolutely need to make sure that each IP of that 
> large A record set is given out equally (statistically) and that at 
> any time when bind answers that one A record it only returns a random 
> subset of all these IPs.

I question if you need "random" or if "round robin" (rotating) would 
work.  Do they need to be truly random?  Or would simply circulating a 
(possibly randomized) list suffice?

> Has someone an idea on how to achieve the latter?

If cycling through a list would be sufficient, you might consider 
looking at Dynamically Loadable Zones and Response Policy Service.

You might be able to create a custom DLZ driver that:
  - returned a sub-set of the results of its own DNS query
  - returned a sub-set of the rotating list of all of the A records

You might be able to create an RPS that would alter the reply before 
it's sent to clients.

Note:  My understanding is that RPS is for DNS what milters are for 
Sendmail.

Finally, I don't know if it will align with your needs or not, but you 
might consider a forward zone pointing to a custom DNS server.

> Thanks a lot in advance!

You're welcome.  Good luck.  I'd be curious to learn what you end up doing.



-- 
Grant. . . .
unix || die
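
The "circulate a (possibly randomized) list" idea from the reply above, sketched as an added example that is not part of the original message and is not BIND, DLZ or RPS code. It shows only the selection logic a custom backend could use; the class name, the helper functions, the 192.0.2.0/24 sample addresses and the subset size of 5 are assumptions made for illustration.

```python
import ipaddress
import random
from collections import Counter


class RotatingSubset:
    """Hand out fixed-size windows from a shuffled ring of addresses.

    Every answer advances the ring by subset_size positions, so after
    len(addresses) answers each address has been returned exactly
    subset_size times: equal distribution without per-query randomness.
    """

    def __init__(self, addresses, subset_size, rng=None):
        if not 0 < subset_size <= len(addresses):
            raise ValueError("subset_size must be between 1 and len(addresses)")
        self._ring = list(addresses)
        self._size = subset_size
        # Shuffle once so the window contents are not predictable from zone order.
        (rng or random.SystemRandom()).shuffle(self._ring)
        self._pos = 0

    def next_answer(self):
        """Return the next subset_size addresses and advance the ring."""
        n = len(self._ring)
        picked = [self._ring[(self._pos + i) % n] for i in range(self._size)]
        self._pos = (self._pos + self._size) % n
        return picked


def sample_rrset(count=30):
    """Constructed sample data: 'count' addresses from TEST-NET-1 (192.0.2.0/24)."""
    base = ipaddress.IPv4Address("192.0.2.1")
    return [str(base + i) for i in range(count)]


def usage_counts(selector, answers):
    """Count how often each address appears across 'answers' responses."""
    counts = Counter()
    for _ in range(answers):
        counts.update(selector.next_answer())
    return counts


if __name__ == "__main__":
    selector = RotatingSubset(sample_rrset(), subset_size=5)
    print(selector.next_answer())
    print(sorted(usage_counts(selector, 30).values()))
```
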
