[dns-operations] Root-servers returning TC=1 after 5 NXDOMAINS

Paul Vixie paul at redbarn.org
Wed Feb 11 21:39:07 UTC 2015



> bert hubert <mailto:bert.hubert at netherlabs.nl>
> Wednesday, February 11, 2015 2:00 AM
> On Tue, Feb 10, 2015 at 03:28:10PM -0800, Paul Vixie wrote:
>
>> have you looked at http://www.redbarn.org/dns/ratelimits (DNS RRL)?
>
> We lovingly cloned it into a superset even ;-)
> http://7bits.nl/tmp/unlisted/lua-policy-engine.html

looks nice, even if it is in C++ :-).
>
>> i think you'll see that it's not pure TC=1, but rather, some drops with
>> occasional TC=1's.
>
> Out of a 1000 packets, I get 994 TC=1 and 6 regular answers.

that is NOT a recommended configuration. i suspect that f-root has
changed the default "slip" and "drop" values. a lot of people fear
drops. RRL drops deliberately, and this behaviour must not be disabled.

-- 
Paul Vixie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150211/6f266c54/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: postbox-contact.jpg
Type: image/jpeg
Size: 1220 bytes
Desc: not available
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150211/6f266c54/attachment.jpg>


More information about the dns-operations mailing list