[dns-operations] Mysteries of DNSSEC
John R Levine
johnl at taugh.com
Tue Apr 2 16:03:55 UTC 2024
> "John Levine" <johnl at taugh.com> writes:
>
>> Another surprise is that I'm getting a lot of repeated DNSKEY queries
>> even though the TTL is an hour. One repeat customer is Cloudflare,
>> another is pfsense22.plan-gis.net, at some random company in Germany.
>
> Do check/worry about DDoS reflections from UDP requests for DNSKEYs. A
> number of addresses out there do seem to always request large packet
> type responses, which is always questionable. Making sure something
> like RRL is on/implemented is a good thing to do as well.
In this case it's a lot for my tiny server but the total is still only a
few queries per second.
I also get a great deal of junk queries for people who seem to have very
peculiar ideas of what my server does. I've tried various ways to make
them go away such as a referral to an NS that resolves to 127.0.0.1 or a
giant referral to a dozen randomly named NS each with a dozen random IP
addresses. Didn't help.
Regards,
John Levine, johnl at taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
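The repeated DNSKEY queries and the reflection concern raised above can be turned into a routine log check. What follows is an added example, not code from the original post or from anyone in the thread; it assumes BIND-style query log lines (constructed sample data), the one-hour DNSKEY TTL the thread mentions, and an assumed threshold of three queries per TTL window, and it reports clients that re-query DNSKEY far more often than the TTL explains, which is where one would look first before deciding on RRL.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

DNSKEY_TTL = timedelta(hours=1)  # the DNSKEY TTL mentioned in the thread
REPEAT_THRESHOLD = 3  # assumption: 3+ DNSKEY queries inside one TTL window is "repeated"
# Constructed BIND-style query log lines (sample data, not taken from the original post).
SAMPLE_LOG = """\
02-Apr-2024 15:00:00.000 client @0x7f0a 192.0.2.10#4242 (taugh.com): query: taugh.com IN DNSKEY -E(0)D (203.0.113.1)
02-Apr-2024 15:10:00.000 client @0x7f0a 192.0.2.10#4243 (taugh.com): query: taugh.com IN DNSKEY -E(0)D (203.0.113.1)
02-Apr-2024 15:20:00.000 client @0x7f0a 192.0.2.10#4244 (taugh.com): query: taugh.com IN DNSKEY -E(0)D (203.0.113.1)
02-Apr-2024 15:30:00.000 client @0x7f0a 192.0.2.10#4245 (taugh.com): query: taugh.com IN DNSKEY -E(0)D (203.0.113.1)
02-Apr-2024 15:00:00.000 client @0x7f0b 198.51.100.7#5353 (taugh.com): query: taugh.com IN DNSKEY -E(0)D (203.0.113.1)
02-Apr-2024 16:30:00.000 client @0x7f0b 198.51.100.7#5354 (taugh.com): query: taugh.com IN DNSKEY -E(0)D (203.0.113.1)
02-Apr-2024 15:05:00.000 client @0x7f0c 203.0.113.5#9999 (taugh.com): query: www.taugh.com IN A -E(0)D (203.0.113.1)
this line is not a query log entry and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) client (?:@0x[0-9a-f]+ )?"
    r"(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def parse_line(line):
    """Return (timestamp, client_ip, qname, qtype), or None for lines that don't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
    return ts, m["ip"], m["qname"].lower().rstrip("."), m["qtype"].upper()

def repeated_dnskey_clients(log_text, ttl=DNSKEY_TTL, threshold=REPEAT_THRESHOLD):
    """Map client IP -> largest number of DNSKEY queries for one name inside any single
    TTL window; a resolver honouring the TTL needs about one, so high counts merit a look."""
    times_by_key = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[3] == "DNSKEY":
            times_by_key[(rec[1], rec[2])].append(rec[0])  # key on (client, qname)
    flagged = {}
    for (ip, _qname), times in times_by_key.items():
        times.sort()
        left, best = 0, 0
        for right, t in enumerate(times):  # sliding window of width `ttl`
            while times[left] < t - ttl:
                left += 1
            best = max(best, right - left + 1)
        if best >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), best)
    return flagged
```

On the sample data only 192.0.2.10 is reported (four DNSKEY queries in half an hour); 198.51.100.7 asks twice ninety minutes apart, which is what a TTL-respecting resolver looks like.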