rrset-roundrobin
Shumon Huque
shuque at gmail.com
Fri Apr 10 05:04:41 UTC 2020
On Thu, Apr 9, 2020 at 7:28 AM George Thessalonikefs via Unbound-users <
unbound-users at lists.nlnetlabs.nl> wrote:
> Hi all,
>
> We recently got a feature request
> (https://github.com/NLnetLabs/unbound/issues/215) to change the default
> value of 'rrset-roundrobin' from no to yes.
> Given that we don't have strong feelings either way I am reaching out to
> you in case you feel opposed to the change.
>
By roundrobin, do you mean rotating the RRset order (by a fixed degree)?
Or randomizing the order? The latter would be better. It has been observed
on the IETF dnsop list in the past, that rotating schemes are a side channel
that could be used to leak information when using encrypted transports. So,
if we want side channel resistance, randomizing is always better.
Shumon Huque.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20200410/c9c1fcc4/attachment.htm>
More information about the Unbound-users
mailing list