> From: Daniel Stirnimann <[email protected]> > So, its clearly not normal resolver behavior as the query question is > not repeated and the RD bit is set (EDNS0 and DO bit is not used/set). > The client is using a large number of different domains and so evading > DNS-RRL. For example, within 15 minutes 3070 different query-names are > used. Within 60 minutes 4716 and within 4 hours 11193 different > query-names. The query-name which is repeated most is asked every 6-7 > seconds. > > Has anyone an idea what the source of this traffic pattern is? It's also > interesting to note that quite a lot of 2nd-level queries result in > NXDOMAIN responses.
Which RRL implementation are you using? If it is the BIND9 RRL implementation, then how are the NXDOMAIN responses evading that limit? Vernon Schryver [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
