[dns-operations] dns-operationsMysteries of DNSSEC

John R Levine johnl at taugh.com
Tue Apr 2 16:03:55 UTC 2024

> "John Levine" <johnl at taugh.com> writes:
>> Another surprise is that I'm getting a lot of repeated DNSKEY queries
>> even though the TTL is an hour. One repeat customer is Cloudflare,
>> another is pfsense22.plan-gis.net, at some random company in Germany.
> Do check/worry about DDoS reflections from UDP requests for DNSKEYs.  A
> number of addresses out there do seem to always request large packet
> type responses, which is always questionable.  Making sure something
> like RRL is on/implemented is a good thing to do as well.

In this case it's a lot for my tiny server but the total is still only a 
few queries per second.

I also get a great deal of junk queries for people who seem to have very 
peculiar ideas of what my server does.  I've tried various ways to make 
them go away such as a referral to an NS that resolves to or a 
giant referral to a dozen randomly named NS each with a dozen random IP 
addresses.  Didn't help.

John Levine, johnl at taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

More information about the dns-operations mailing list