[dns-operations] Who Ignores TTLs ?

Robert Edmonds edmonds at isc.org
Mon Feb 21 21:17:46 UTC 2011


Roy Arends wrote:
> We very often see a massive amount of request from a single address,
> for a single domain name. Sometimes 200-300 queries within a few
> hundred milliseconds (with an average delta of 3 milliseconds between
> queries). The load vaporizes as soon as the resolver receives the
> first response we send. This is not a DDoS, and normally, this will be
> hidden in the noise and thunder of the regular load. 

this sounds like a resolver that doesn't perform query merging
(VU#457875).

-- 
Robert Edmonds
edmonds at isc.org



More information about the dns-operations mailing list