Full_Name: Sergio Gelato Version: 2.4.40 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (85.225.123.131)
As part of ITS#7027, a simple PRNG was added to libraries/libldap/dnssrv.c in order to implement shuffling of SRV RRs as per RFC2782.
I see two shortcomings with the way this generator is being seeded.
(1) The seed is a very slowly varying function of time: (float)time(NULL) / (2**32-1). The mantissa of an IEEE754 float has 24 bits, so one only gets a new seed every 2**7 seconds with the current seeding method.
(2) At any given time, all clients areikikely to use the same seed and therefore pick the same SRV record. This means the load on individual servers will fluctuate a lot more than if the clients picked records in an uncorrelated fashion.
To fix (1) I think we need to hash the seed so that it is much more sensitive to the least significant bit of the current time value. (2) can be addressed by mixing in some value that varies from client to client; maybe the 16-bit DNS query ID is most readily available (as the first two bytes of the reply buffer; I hope all implementations of res_query() return it). Come to think of it, shifting the query ID up by 15 bits and XORing with the current time might be good enough.