How to get random subset of large rrset (30+ IPs for round robin)?
Grant Taylor
gtaylor at tnetconsulting.net
Fri Mar 20 20:23:35 UTC 2020
On 3/20/20 1:14 AM, David Klatt wrote:
> Hi,
Hi,
> Now I'd like bind to just return a random subset of e.g. 5 IP
> addresses if someone requests this A record.
Hum. That sounds quite contrary to the typical BIND behavior.
> Reason for this are in my case some (thousands) older clients (that I
> can't control) that seem not being able to handle that many IPs - the
> OS resolver just returns an error.
Ugh.
> For my use case I absolutely need to make sure that each IP of that
> large A record set is given out equally (statistically) and that at
> any time when bind answers that one A record it only returns a random
> subset of all these IPs.
I question if you need "random" or if "round robin" (rotating) would
work. Do they need to be truly random? Or would simply circulating a
(possibly randomized) list suffice?
> Has someone an idea on how to achieve the latter?
If cycling through a list would be sufficient, you might consider
looking at Dynamically Loadable Zones and Response Policy Service.
You might be able to create a custom DLZ driver that:
- returned a sub-set of the results of it's own DNS query
- returned a sub-set of the rotating list of all of the A records
You might be able to create an RPS that would alter the reply before
it's sent to clients.
Note: My understanding is that RPS is for DNS what milters are for
Sendmail.
Finally, I don't know if will align with your needs or not, but you
might consider a forward zone pointing to a custom DNS server.
> Thanks a lot in advance!
You're welcome. Good luck. I'd be curious to learn what you end up doing.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200320/4de6368b/attachment.bin>
More information about the bind-users
mailing list