[dns-operations] Root-servers returning TC=1 after 5 NXDOMAINS

Paul Hoffman paul.hoffman at vpnc.org
Wed Feb 11 23:17:06 UTC 2015


On Feb 11, 2015, at 1:30 PM, Paul Vixie <paul at redbarn.org> wrote:
> 25/sec will not be enough for large rdns plants.

That sounds specific enough that you have actual data to back this up; if so, I'm quite interested in it.

> that's why the default policy for slip and drop is so important. f-root's team must have overridden those, probably because various people have spread some FUD about drops.

You might be willing to say what the f-root team did, and why they did it, even without being on the team, but I'm not.

> this work came out of ddos work not dns work. after the tenth anniversary of SAC004 came and went, with more rather than fewer edges lacking SAV. 25/sec of signed nxdomain is enough to overload any DSL circuit. i'd be happy to work with you to find an upper limit.

OK, now it sounds like you don't have actual data yet. N'r mind.

--Paul Hoffman




