Greetings!
I know this presentation is over 3 years old, but I’ve looked over the changelogs and tried a few searches and have not been able to find an answer. They discuss the selection of name servers in various recursive DNS servers and the methods these servers use. I was wondering if there has been any change in this area; if not, then what’s the flaw in their logic? Maybe it’s worth considering?
AFAIK there were no big changes in Unbound’s NS selection algorithm for years.
In Aug 2013 researchers pointed out the flaw in BIND9’s nameserver selection algorithm through which attackers could subvert randomization of NS selection [1]. ISC stated that it is not considered a security vulnerability, but they also stated that the algorithm will be improved [2]. I don’t know the further status of BIND9’s implementation.