The NS1 filter chain supports several types of “STICKY” filters: STICKY_SHUFFLE, GROUP_STICKY_SHUFFLE, and WEIGHTED_STICKY_SHUFFLE. The goal of the STICKY family of filters is to distribute traffic across multiple answers while ensuring DNS queries from the same source IP address are handled in a consistent way over time. Because NS1 is not queried directly by end users, but rather via DNS resolvers, the “stickiness” enabled by these filters is with respect to the DNS resolver’s IP – not that of the end user. The exception is when the DNS resolver supports edns-client-subnet (ECS) and ECS support is enabled for the DNS record, in which case the stickiness is with respect to the IP prefix contained in the ECS data sent in the DNS query.
Each of the STICKY filters behaves differently:
- STICKY_SHUFFLE: performs a shuffle that ensures that for the same requester or subnet, the answers input to the filter are always returned in the same order in the filter’s output.
- GROUP_STICKY_SHUFFLE: ensures that for the same requester or subnet, the groups of answers input to the filter are always returned in the same order in the filter’s output. Answers within the groups may be output in any order. Commonly, GROUP_STICKY_SHUFFLE is combined with SELECT_FIRST_GROUP to ensure the same requester is directed to the same group of answers.
- WEIGHTED_STICKY_SHUFFLE: similar to STICKY_SHUFFLE, except that instead of returning the answers in a random (but consistent by requester) order, the answers are returned in an order that ensures higher weighted answers are earlier in the ordering more often. This behavior is very similar to WEIGHTED_SHUFFLE, except that the shuffling is always the same for the same requester IP or subnet.