<html><head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
</head><body text="#000000" bgcolor="#FFFFFF"><br>
<br>
<blockquote style="border: 0px none;"
cite="mid:237B7CEF-956D-4A37-ABC3-D4F9E29BD77C@vpnc.org" type="cite">
<div style="margin:30px 25px 10px 25px;" class="__pbConvHr"><div
style="display:table;width:100%;border-top:1px solid
#EDEEF0;padding-top:5px"> <div
style="display:table-cell;vertical-align:middle;padding-right:6px;"><img
photoaddress="paul.hoffman@vpnc.org" photoname="Paul Hoffman"
src="cid:part1.03010807.08090009@redbarn.org"
name="compose-unknown-contact.jpg" width="25px" height="25px"></div> <div
style="display:table-cell;white-space:nowrap;vertical-align:middle;width:100%">
<a moz-do-not-send="true" href="mailto:paul.hoffman@vpnc.org"
style="color:#737F92
!important;padding-right:6px;font-weight:bold;text-decoration:none
!important;">Paul Hoffman</a></div> <div
style="display:table-cell;white-space:nowrap;vertical-align:middle;">
<font color="#9FA2A5"><span style="padding-left:6px">Wednesday,
February 11, 2015 3:17 PM</span></font></div></div></div>
<div style="color: rgb(136, 136, 136); margin-left: 24px;
margin-right: 24px;" __pbrmquotes="true" class="__pbConvBody"><pre wrap="">On Feb 11, 2015, at 1:30 PM, Paul Vixie <a class="moz-txt-link-rfc2396E" href="mailto:paul@redbarn.org">&lt;paul@redbarn.org&gt;</a> wrote:
</pre><blockquote type="cite"><pre wrap="">25/sec will not be enough for large rdns plants.
</pre></blockquote><pre wrap=""><!---->
That sounds specific enough that you have actual data to back this up; if so, I'm quite interested in it.</pre></div>
</blockquote>
<br>
a busy RDNS that isn't doing Q-M often asks more than 25 bad-TLD queries
per second. see OARC DITL data.<br>
<blockquote style="border: 0px none;"
cite="mid:237B7CEF-956D-4A37-ABC3-D4F9E29BD77C@vpnc.org" type="cite">
<div style="color: rgb(136, 136, 136); margin-left: 24px;
margin-right: 24px;" __pbrmquotes="true" class="__pbConvBody">
<pre wrap="">
</pre>
<blockquote type="cite"><pre wrap="">that's why the default policy for slip and drop is so important. f-root's team must have overridden those, probably because various people have spread some FUD about drops.
</pre></blockquote><pre wrap=""><!---->
You might be willing to say what the f-root team did, and why they did it, even without being on the team, but I'm not.</pre></div>
</blockquote>
<br>
DNS RRL does not do 996 slips and four responses in a second under any
default config.<br>
<br>
<blockquote style="border: 0px none;"
cite="mid:237B7CEF-956D-4A37-ABC3-D4F9E29BD77C@vpnc.org" type="cite">
<div style="color:#888888;margin-left:24px;margin-right:24px;"
__pbrmquotes="true" class="__pbConvBody">
<pre wrap="">
</pre>
<blockquote type="cite"><pre wrap="">this work came out of ddos work not dns work. after the tenth anniversary of SAC004 came and went, with more rather than fewer edges lacking SAV. 25/sec of signed nxdomain is enough to overload any DSL circuit. i'd be happy to work with you to find an upper limit.
</pre></blockquote><pre wrap=""><!---->
OK, now it sounds like you don't have actual data yet. N'r mind.
</pre></div>
</blockquote>
<br>
3000 bytes X 25/sec X 13 root name servers X 8 bits =
7.8 Megabits/second.<br>
<br>
by the way that level of snark is unusual for you. i'm sorry for peeving
you out of your comfort zone.<br>
<br>
<div class="moz-signature">-- <br>Paul Vixie<br>
</div>
</body></html>