> bert hubert <mailto:[email protected]> > Wednesday, February 11, 2015 2:00 AM > On Tue, Feb 10, 2015 at 03:28:10PM -0800, Paul Vixie wrote: > >> have you looked at http://www.redbarn.org/dns/ratelimits (DNS RRL)? > > We lovingly cloned it into a superset even ;-) > http://7bits.nl/tmp/unlisted/lua-policy-engine.html
looks nice, even if it is in C++ :-). > >> i think you'll see that it's not pure TC=1, but rather, some drops with >> occasional TC=1's. > > Out of a 1000 packets, I get 994 TC=1 and 6 regular answers. that is NOT a recommended configuration. i suspect that f-root has changed the default "slip" and "drop" values. a lot of people fear drops. RRL drops deliberately, and this behaviour must not be disabled. -- Paul Vixie
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
