On 2017-02-20 2:00 PM, Максим Подлесный wrote:
In the log we had only: Sending SERVFAIL to 127.0.0.1 during resolve of '9p.com <http://9p.com>.' because: Too much time waiting for 9p.com.|A, timeouts: 1, throttles: 0, queries: 4, 6497msec dig works fine but slow (about 5-6 sec for this domains)
You may want to check a full trace to that example from your site and see all the timeouts, and/or tcpdump to prove it to yourself.
They may also be rate limiting you if one of your clients is relaying a random subdomain attack against one of these domains.
You'd need to increase two timeouts if you wanted to avoid this (the per-NS 1500ms one and the overall 7000ms query timeout). Most clients will give up after that long though, but hopefully a cache hit on the next try.
_______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
