Re: named tcp dos?

2018-08-06 Thread Greg Rivers
On Thursday, August 02, 2018 18:13:21 Randy Bush wrote: > > We run about 300 TLD's on our DNS platform and get roughly 5-10% TCP > > queries. > > that is quite a variance > > > In comparison, we get about 25-30% IPv6 queries. > > wonder how that compares to others > On the secondaries for a

Re: named tcp dos?

2018-08-06 Thread Tony Finch
Randy Bush wrote: > > an aside: folk seem to be in the 20% range for ipv6, while overall > backbone traffic stats are about half that. are dns caches more likely > to be v6 enabled than the average bear? I get the impression from various discussions that yes, they are. Actual citation:

Re: named tcp dos?

2018-08-04 Thread Randy Bush
> We have slightly less than 25% for IPv6 queries. > And about 4-5% TCP queries. considering we share the load of the same non-trivial signed cctld, i should be seeing similarly. though i am sure both of us serve a few more . and tony and hugo (the latter privately) are seeing similar, though

Re: named tcp dos?

2018-08-03 Thread Tony Finch
Matus UHLAR - fantomas wrote: > On 03.08.18 15:09, Tony Finch wrote: > > minimal-any definitely reduces truncated responses - that's why I > > implemented it :-) > > - are they so common that it does matter? Well, they used to be, but Chris Thompson and I have done a lot to make ANY queries on

Re: named tcp dos?

2018-08-03 Thread Matus UHLAR - fantomas
On 03.08.18 12:10, Tony Finch wrote: > I have a few config options which can affect TCP usage. These two should > reduce it: > >minimal-responses yes; >minimal-any yes; Matus UHLAR - fantomas wrote: I don't think so. minimal-responses only skips unnecessary info, so they should have

Re: named tcp dos?

2018-08-03 Thread Tony Finch
Matus UHLAR - fantomas wrote: > > it's the max-udp-size 1420 apparently. > > I set it to similar value because of problematic L3 switch in front of our > DNS servers long ago. > > Should not be needed now. I don't have that because of my network (which works OK), but because of other people's

Re: named tcp dos?

2018-08-03 Thread Tony Finch
Matus UHLAR - fantomas wrote: > On 03.08.18 12:10, Tony Finch wrote: > > I have a few config options which can affect TCP usage. These two should > > reduce it: > > > > minimal-responses yes; > > minimal-any yes; > > I don't think so. minimal-responses only skips unnecessary info, so they

Re: named tcp dos?

2018-08-03 Thread Matus UHLAR - fantomas
Daniel Stirnimann wrote: >> In comparison, we get about 25-30% IPv6 queries. We have slightly less than 25% for IPv6 queries. On 03.08.18 12:19, Tony Finch wrote: Hmm, I have 20% on one server and 22% on another. it's the max-udp-size 1420 apparently. I set it to similar value because

Re: named tcp dos?

2018-08-03 Thread Matus UHLAR - fantomas
Randy Bush wrote: estimate or measure the distribution of the ratio of udp to tcp queries on say 100 cctld servers. On 03.08.18 12:10, Tony Finch wrote: On a recently rebooted auth server, which hosts zones for a handful of universities with and without DNSSEC, slightly less than 1% of

Re: named tcp dos?

2018-08-03 Thread Tony Finch
Daniel Stirnimann wrote: > >> In comparison, we get about 25-30% IPv6 queries. > > We have slightly less than 25% for IPv6 queries. Hmm, I have 20% on one server and 22% on another. Tony. -- f.anthony.n.finch http://dotat.at/ a fair voting system for all elections

Re: named tcp dos?

2018-08-03 Thread Tony Finch
Randy Bush wrote: > > estimate or measure the distribution of the ratio of udp to tcp queries > on say 100 cctld servers. On a recently rebooted auth server, which hosts zones for a handful of universities with and without DNSSEC, slightly less than 1% of queries are over TCP. $ curl -Ssf

Re: named tcp dos?

2018-08-03 Thread Daniel Stirnimann
On 03.08.18 03:13, Randy Bush wrote: >> We run about 300 TLD's on our DNS platform and get roughly 5-10% TCP >> queries. > > that is quite a variance > >> In comparison, we get about 25-30% IPv6 queries. > > wonder how that compares to others We have slightly less than 25% for IPv6 queries.

Re: named tcp dos?

2018-08-02 Thread Randy Bush
> We run about 300 TLD's on our DNS platform and get roughly 5-10% TCP > queries. that is quite a variance > In comparison, we get about 25-30% IPv6 queries. wonder how that compares to others thanks for actual data randy

RE: named tcp dos?

2018-08-02 Thread Browne, Stuart via bind-users
> -Original Message- > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of > Randy Bush > Sent: Friday, 3 August 2018 6:08 AM > > >> ... are there that many folk doing tcp out there? > > All name servers fall back to TCP when they receive truncated replies. > > we

Re: named tcp dos?

2018-08-02 Thread Randy Bush
> ... are there that many folk doing tcp out there? All name servers fall back to TCP when they receive truncated replies. >>> >>> we know the protocol. [ and we know folk have idiot middleboxen ] >>> >>> what i was asking was the distribution of this in the wild >> >> one word:

Re: named tcp dos?

2018-08-02 Thread Greg Rivers
On Thursday, August 02, 2018 22:12:38 Reindl Harald wrote: > > Am 02.08.2018 um 22:07 schrieb Randy Bush: > >>> ... are there that many folk doing tcp out there? > >> All name servers fall back to TCP when they receive truncated replies. > > > > we know the protocol. [ and we know folk have

Re: named tcp dos?

2018-08-02 Thread Randy Bush
>> estimate or measure the distribution of the ratio of udp to tcp >> queries on say 100 cctld servers > > bla - 512 bytes are easily exceeded > > more than 10 years ago i also thought i am smart and TCP 53 is only > needed for zone-transfers until i realized that random e-mail errors > where

Re: named tcp dos?

2018-08-02 Thread Dennis Clarke
On 08/02/2018 04:16 PM, Randy Bush wrote: it is in a contest with ipv6 for non-deployment I read this mail list ALL the time and finally something appears that quite literally made me call over a few guys to point at my screen. Well done. Let's make up a tee-shirt with that on it :

Re: named tcp dos?

2018-08-02 Thread Randy Bush
... are there that many folk doing tcp out there? >>> All name servers fall back to TCP when they receive truncated replies. >> >> we know the protocol. [ and we know folk have idiot middleboxen ] >> >> what i was asking was the distribution of this in the wild > > one word: DNSSEC i.e.

Re: named tcp dos?

2018-08-02 Thread Randy Bush
>> ... are there that many folk doing tcp out there? > All name servers fall back to TCP when they receive truncated replies. we know the protocol. [ and we know folk have idiot middleboxen ] what i was asking was the distribution of this in the wild. randy

Re: named tcp dos?

2018-08-02 Thread Greg Rivers
On Thursday, August 02, 2018 12:58:32 Randy Bush wrote: > ... are there that many folk doing tcp out there? > All name servers fall back to TCP when they receive truncated replies. -- Greg Rivers

Re: named tcp dos?

2018-08-02 Thread Randy Bush
> mdig @147.28.0.39 -f queries.txt > > queries.txt contains 40x > switch.ch A > > I would suggest something like this: > > rate-limit { >// start rate-limiting if more than X identical >// responses per second, default 0 i.e. unlimited >responses-per-second 25; >

Re: named tcp dos?

2018-08-02 Thread Daniel Stirnimann
Hello Randy, > so, i guess there is a named tcp dos going around. using bind9, is > there an amelioration? or am i misconfigured in some way? It looks to me that this is a side effect of a very permissive RRL configuration. My tests with the following command indicate that you have set