On 30 Mar 2024, at 19:18, John Levine <[email protected]> wrote: > The first surprise I found is that once I turned it on, nearly every > query, like 99%, asks for DNSSEC. Is this typical or do I have an odd > set of clients?
If you mean almost all queries had EDNS(0) and DO=1 then I think that's typical. > Another surprise is that I'm getting a lot of repeated DNSKEY queries > even though the TTL is an hour. One repeat customer is Cloudflare, > another is pfsense22.plan-gis.net, at some random company in Germany. > My theories are A) a bunch of different caches behind a load balancer, > B) a too small cache, C) buggy software. I am not very familiar with 1.1.1.1's internals, so I could guess but that doesn't seem very helpful. If you'd like an introduction to the people who run it I can make one. Joe _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
