On Tue, Feb 10, 2015 at 03:28:10PM -0800, Paul Vixie wrote: > > > > bert hubert <mailto:[email protected]> > > Tuesday, February 10, 2015 3:02 AM > > Hi everybody, > > > > Recently at a large deployment, we ran into f.root-servers.net returning > > TC=1 to all our queries. We took this up with ISC who quickly informed us > > that this is a setting they run with if you exceed more than 5 NXDOMAIN > > responses/s. > > have you looked at http://www.redbarn.org/dns/ratelimits (DNS RRL)?
We lovingly cloned it into a superset even ;-) http://7bits.nl/tmp/unlisted/lua-policy-engine.html > i think you'll see that it's not pure TC=1, but rather, some drops with > occasional TC=1's. Out of a 1000 packets, I get 994 TC=1 and 6 regular answers. Bert _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
