[dns-operations] Cloudflare considered harmful?

Viktor Dukhovni ietf-dane at dukhovni.org
Fri Apr 17 21:38:30 UTC 2020


On Fri, Apr 17, 2020 at 01:19:02PM -0700, Marek Vavruša wrote:

> This should be fixed as of yesterday.

Thanks!  Yep, it is working now:

    $ hsdig -n 1.1.1.1 -t soa _25._tcp.blue.xy1.nl.
    ; NoError AD=1
    _tcp.blue.xy1.nl. IN DNAME _tcp.xy1.nl.
    _25._tcp.blue.xy1.nl. IN CNAME _25._tcp.xy1.nl.
    _25._tcp.xy1.nl. IN CNAME _dane.xy1.nl.
    xy1.nl. IN SOA ns1.xy1.nl. dns at xy1.nl. 2020030334 86400 7200 3628800 300

I'm also seeing much better performance from the DANE survey today,
somehow between Cloudflare, Verisign, Google and Quad9 the throughput is
today at ~850 domains/sec, ~1.6x higher than prior at ~540/sec.  Some
stats from dnsdist:

    Address           Qps    Wt    Lat 
    1.0.0.1         507.1   800  215.1
    1.1.1.1         519.5   800  227.6
    64.6.64.6       521.7   800  156.3
    64.6.65.6       536.3   800  179.3
    8.8.4.4         232.5   400  175.5
    8.8.8.8         251.6   400  168.9
    9.9.9.10        145.8   200  236.6
    149.112.112.10  124.8   200  265.8
    All            2835.0       

-- 
    Viktor.

