On Wed, Feb 11, 2015 at 05:44:18AM +0800, Jim Martin wrote:

>       This is certainly not our intention for legitimate queries, but as
> others have stated, very likely a side effect of running RRL.  Are you
> seeing this anytime you get 5 NXDOMAINs/s (on any query), or anytime you
> get 5 NXDOMAINs/s for the same query?  If it’s only when you’re asking the
> exact same question over and over (as your example code indicates), it may
> not be easily distinguishable from attack behaviour.

Hi Jim,

these are unique queries, the name changes for each one. But as Paul Vixie
elucidated, from the root-server perspective, these are all answers from one
zone though, the root zone.  And that is where RRL kicks in.

From the discussion, I gather multiple people think 5/s is a very low limit,
and that 25/s might work better.

>       I’ll have some of my team look into it and get back to you. Thanks for 
> bringing this up!

Thanks!

        Bert
_______________________________________________
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
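Added example, not part of the original message and not code from any RRL implementation: a simplified fixed-window model of the accounting described in the thread, where every NXDOMAIN answer from one zone lands in the same bucket regardless of the query name. The /24 client grouping, the function names and the sample queries are assumptions made for illustration; the 5/s and 25/s limits are the ones discussed above.

```python
import ipaddress
from collections import defaultdict

def _client_net(client_ip):
    # Assumption: clients are grouped by /24, a common RRL choice for IPv4.
    return str(ipaddress.ip_network(f"{client_ip}/24", strict=False))

def zone_key(client_ip, qname, zone):
    """NXDOMAIN accounted per (client network, zone); the qname is ignored."""
    return (_client_net(client_ip), zone, "NXDOMAIN")

def name_key(client_ip, qname, zone):
    """Contrast case: accounting per query name, so unique names never collide."""
    return (_client_net(client_ip), qname, "NXDOMAIN")

def simulate(queries, limit_per_sec, key_fn=zone_key):
    """queries: iterable of (timestamp_s, client_ip, qname, zone).
    Returns (answered, limited) under a one-second fixed window."""
    counts = defaultdict(int)
    answered = limited = 0
    for ts, ip, qname, zone in queries:
        bucket = (int(ts),) + key_fn(ip, qname, zone)
        counts[bucket] += 1
        if counts[bucket] <= limit_per_sec:
            answered += 1
        else:
            limited += 1
    return answered, limited

def constructed_queries(rate, seconds, client_ip="192.0.2.10"):
    """Constructed sample: `rate` unique nonexistent names per second,
    all answered with NXDOMAIN out of the root zone (".")."""
    return [(s + i / rate, client_ip, f"nonexistent-{s}-{i}.", ".")
            for s in range(seconds) for i in range(rate)]

if __name__ == "__main__":
    qs = constructed_queries(rate=20, seconds=3)
    for limit in (5, 25):
        print(f"zone-keyed, limit {limit}/s:", simulate(qs, limit))
    print("name-keyed, limit 5/s:", simulate(qs, 5, key_fn=name_key))
```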