[dns-operations] rate-limiting state

Paul Vixie paul at redbarn.org
Fri Feb 7 00:46:07 UTC 2014

Damian Menscher wrote:
> ...
> My recommendation (which Vixie and Vernon disagree with) is to use RRL
> with slip=1 -- return TC=1 responses to all queries over the limit.

my disagreement is explained in detail here:


> This ensures your legitimate users can get through with a TCP request,
> rather than having to attempt multiple retries before learning to
> retry over TCP.  Does slip=1 address your concerns?
> Of course TCP isn't perfect -- it has higher latency and
> per-connection costs -- but at least it ensures your legitimate users
> can't be affected by the RRL.

it does not. see [ibid].


More information about the dns-operations mailing list