[dns-operations] rate-limiting state
paul at redbarn.org
Fri Feb 7 00:46:07 UTC 2014
Damian Menscher wrote:
> My recommendation (which Vixie and Vernon disagree with) is to use RRL
> with slip=1 -- return TC=1 responses to all queries over the limit.
my disagreement is explained in detail here:
> This ensures your legitimate users can get through with a TCP request,
> rather than having to attempt multiple retries before learning to
> retry over TCP. Does slip=1 address your concerns?
> Of course TCP isn't perfect -- it has higher latency and
> per-connection costs -- but at least it ensures your legitimate users
> can't be affected by the RRL.
it does not. see [ibid].
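
The slip setting discussed in this message, as an added illustration that is not part of either author's message: a simplified model of how a slip value splits over-limit responses in one RRL bucket into dropped and TC=1 replies. It assumes a fixed one-second window rather than any server's real accounting, and the response sizes are constructed.

```python
from collections import Counter

# Constructed sizes in bytes, for illustration only.
FULL_RESPONSE = 3000   # a large answer
TC_RESPONSE = 60       # truncated reply: header plus question, about query-sized


def over_limit_action(n, slip):
    """Action for the n-th (1-based) over-limit response in one bucket."""
    if slip == 0:
        return "drop"                      # slip=0: never send TC=1
    return "truncate" if n % slip == 0 else "drop"


def simulate(queries, responses_per_second, slip):
    """Count actions for `queries` identical queries hitting one bucket in one second."""
    actions = Counter(full=0, truncate=0, drop=0)
    over = 0
    for n in range(1, queries + 1):
        if n <= responses_per_second:
            actions["full"] += 1           # under the limit: normal answer
        else:
            over += 1
            actions[over_limit_action(over, slip)] += 1
    return actions


def bytes_out(actions):
    """Bytes the server sends toward the (possibly spoofed) source address."""
    return actions["full"] * FULL_RESPONSE + actions["truncate"] * TC_RESPONSE


if __name__ == "__main__":
    for slip in (0, 1, 2):
        a = simulate(1000, 5, slip)
        packets = a["full"] + a["truncate"]
        print(f"slip={slip} {dict(a)} packets_out={packets} bytes_out={bytes_out(a)}")
```

In this model, slip=1 answers every over-limit query with a small TC=1 packet, so the outbound packet count equals the inbound count, while slip=2 sends a packet for only half of the over-limit queries and a client behind the same bucket sees TC=1 on roughly every second attempt.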