[dns-operations] L-Root Maintenance 2010-01-27 1800 UTC - 2000 UTC
Duane Wessels
wessels at dns-oarc.net
Tue Feb 2 00:55:37 UTC 2010
On Tue, 2 Feb 2010, Ray.Bellis at nominet.org.uk wrote:
> > When viewed as packets per protocol, TCP for Lax3 goes from nil to around 10%.
> >
> > http://stats.l.root-servers.org/cgi-bin/dsc-grapher.pl?
> > window=604800&node=lax3&key=tcp&plot=direction_vs_ipproto&server=L-
> > root&yaxis=percent
> >
> > This leads one to assume that for every TCP query, tens times the
> > number of packets are generated. Is this correct?
>
> Curious - if anything it's more than 10 times, maybe as much as 20 times. I might expect a minimum TCP handshake's
> worth as a multiplier, but not a 20x increase in queries vs packets.
>
> But, does that graph only show port 53 IP traffic, or might it be including something else (e.g. downloading of server
> logs) which is excluded from the "DNS Transport" graph ?
DSC's "IP Protocols" show *all* TCP packets. This includes SYNs
and empty ACKs.
It includes all ports (not just 53) so that operators might be able
to see something like a DDoS attack that doesn't happen to hit port
53.
When I mentally compare the "IP Protocols" and the "DNS Transport"
graphs, looks to me like its about 8 TCP packets per TCP DNS query...?
DW
More information about the dns-operations
mailing list