[dns-operations] Odd MX queries
vjs at rhyolite.com
Mon Mar 11 17:07:02 UTC 2013
> From: Daniel Stirnimann <daniel.stirnimann at switch.ch>
> I'm using the current BIND9 9.8.4 RPZ+RRL patch. It's completely evading
> DNS-RRL on the tld-nameserver where a lot of different query-names and
> the RCODE is NOERROR.
All of the domains in the first list in your previous message
give me NXDOMAIN.
How is it evading the BIND9 RRL referral limit on your TLD server?
> On the 2nd-level name-server the MX query rate is only about 120 qps. I
> guess it's too few queries to trigger my "generous" DNS-RRL config. I
> have response-per-second 20.
> For example, within 15 minutes 81 different query-names are sent. The
> domain which is queried the most is used 186 times within 15 minutes.
> That's way below the DNS-RRL config threshold. However, it's nothing
> which concerns me. As said, the abusive traffic on the 2nd-level
> name-server is quite low. On the tld name-server it was different.
Yes, 81 names/15 minutes is only about 0.1 qps.
Vernon Schryver vjs at rhyolite.com