Hi Joe,

> I don't think it's a reasonable characterisation to link the
> availability of European-based authoritative servers to the ability
> for Europeans to send mail to Americans. So long as *some*
> authoritative servers for .us were responding, and so long as the
> "mitigation" didn't involve returning false answers, mail would still
> be delivered; just the recursive MX lookup would take longer.

At least in my and Peter van Dijk's tests, no European v4-connected cctld.us server responded to MX queries with a referral. So the 66k dot us domains my employer hosts were effectively offline.

Thomas

On 03/27/2013 08:10 PM, Joe Abley wrote:

On 2013-03-27, at 14:39, Thomas Mieslinger <[email protected]> wrote:

--snip--
We have corrected the issue that was blocking email/MX queries to US domain 
names from Europe.

Neustar had noticed an MX spike in its servers in Europe over the weekend, and 
to stop any negative effects, we placed those servers in mitigation. We have 
modified the mitigation to block all inbound MX queries from recursive servers 
with the recursive bit turned off, and all email from Europe to .US domain 
names will now be delivered correctly.
--snap--

That seems like a curious mitigation tactic.


I would worry, though, that timing out on MX queries specifically would cause use of 
those European nameservers to be suppressed for other RRTypes, too. That would amount to 
a wholesale shifting of query traffic from European .us nameservers to those elsewhere 
without the "mitigation".

The apparent availability and non-availability of those particular servers from 
the point of view of caches would make capacity planning difficult. The 
difficulty in diagnosing problems at end-sites is already evident.

There are a lot of moving parts there, and a lot of unpredictable behaviours. I 
wouldn't have taken that approach to defend against MX spikes.


Joe


_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
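An added example, not part of the thread or of any poster's tooling: a standard-library Python check for the two symptoms discussed above, namely whether an authoritative server answers an RD=0 MX query with a referral or lets it time out, and whether other RRTypes behave differently. The name `example.us`, the sample reply, and any server address passed to `probe()` are placeholders or constructed data.

```python
import socket
import struct
MX, NS = 15, 2  # RR type codes

def build_query(name, qtype=MX, rd=False, qid=0x1234):
    """Encode a query; rd=False is how a resolver asks an authoritative server."""
    header = struct.pack("!HHHHHH", qid, 0x0100 if rd else 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def classify(msg):
    """'timeout', 'rcode=N', 'answer', 'referral' (AA clear, NS in authority) or 'other'."""
    if msg is None:
        return "timeout"
    _, flags, qd, an, ns, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0xF:
        return "rcode=%d" % (flags & 0xF)
    if an:
        return "answer"
    off, auth_types = 12, []
    for _ in range(qd):
        off = _skip_name(msg, off) + 4      # skip QTYPE and QCLASS
    for _ in range(ns):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        auth_types.append(rtype)
        off += 10 + rdlen
    return "referral" if NS in auth_types and not flags & 0x0400 else "other"

def probe(server_ip, name, qtype=MX, timeout=3.0):
    """Send one RD=0 query over UDP to an authoritative server and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qtype), (server_ip, 53))
            return classify(s.recvfrom(4096)[0])
        except socket.timeout:
            return "timeout"

# Constructed sample reply (not captured traffic): a delegation for example.us.
SAMPLE_REFERRAL = (struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 0, 1, 0)
                   + build_query("example.us")[12:]
                   + b"\xc0\x0c" + struct.pack("!HHIH", NS, 1, 7200, 6) + b"\x03ns1\xc0\x0c")
```

Calling `probe()` against each nameserver of a zone once with `qtype=MX` and once with `qtype=NS` shows whether only MX queries are being dropped at that server.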
