On 2013-08-21 19:36, Geoff Huston wrote:
...
truncated TCP. 0.4% of them appear to have some inbound TCP-blocking
firewall/filter. ...
...
I may have missed this in the original posting and this thread, but
this is the first time I've seen this brought up here. This is a
particular problem
On 21 Aug 2013, at 11:00, Geoff Huston g...@apnic.net wrote:
Yes, our goal was to test out the asserting in RFC5966 that: The majority of
DNS server operators already support TCP and we wanted to see if we could
quantify what that majority actually was.
[I've been on holiday, so apologies
+1
I would love to see more discussion on the implication of its findings than
the semantics of how they were presented. There is a lot to learn from the
information the measurement has delivered.
On 8/22/13 2:14 PM, Fred Morris m3...@m3047.net
wrote:
On Wed, 21 Aug
Thanks for the clarification. We did in fact detect initial configuration
issues with the default TCP 3 backlog, but once we'd put this up to 2000 we
only had one brief window of RST congestion as detected by a simple TCP
filter. This test was for a domainspace which serves around 250,000
Yes, our goal was to test out the asserting in RFC5966 that: The majority of
DNS server operators already support TCP and we wanted to see if we could
quantify what that majority actually was.
What we found out was that of the DNS resolvers that were visible to the
authoritative name server,
http://www.circleid.com/posts/20130820_a_question_of_dns_protocols/
them aussies certainly know how to do a nice bit of wide-scale
measurement. now we can descend into the religions un-asserted
implications violate.
randy
On Wed, 21 Aug 2013, Dobbins, Roland wrote:
http://www.circleid.com/posts/20130820_a_question_of_dns_protocols/
I didn't even get far enough to get to the parts Vixie seems to object to.
It was too painful to read. It's in desperate need of proof-reading and
copy editing. Was this
http://www.circleid.com/posts/20130820_a_question_of_dns_protocols
disappointed me with this characterization of RRL:
There is a conversation thread that says that resolvers should
implement response rate limiting (RRL), and silently discard
repetitive queries that exceed some
From: Geoff Huston g...@apnic.net
On the other hand it's no more serious than any other form of small
TCP transaction based services that are subjected to massive volumes,
such as, say, a search engine front end.
Isn't that why HTTP, SMTP, and other TCP transaction services have
been changed
BTW, The goal of OpenResolverProject was to have an inventory so folks could
measure against attacks and determine what % of attacks utilized them.
The list is available in weekly format to security teams to download in bulk so
they can use tools like GrepCidr to perform this cross-reference.
On Wed, Aug 21, 2013 at 03:14:59PM +, Vernon Schryver wrote:
HTTP, SMTP, and other TCP transaction applications? Could the gTLD
roots exist in anything like their current forms if DNS transactions
cost as many CPU and stable storage computrons as an HTTP GET of
a purely static page
Moin!
On 21.08.2013, at 08:18, Jared Mauch ja...@puck.nether.net wrote:
The unexpected results of the data were knowing that ~46% are just a broken
CPE device that does something weird with DNS packets.
Well they mostly proxy that query to their ISP's resolver, who as it came from
an address
Vernon Schryver wrote:
http://www.circleid.com/posts/20130820_a_question_of_dns_protocols
disappointed me with this characterization of RRL:
There is a conversation thread that says that resolvers should
implement response rate limiting (RRL), and silently discard
repetitive
-oarc.net
Subject: Re: [dns-operations] Geoff Huston on DNS-over-TCP-only study.
Vernon Schryver wrote:
http://www.circleid.com/posts/20130820_a_question_of_dns_protocols
disappointed me with this characterization of RRL:
There is a conversation thread that says that resolvers should
On 22/08/2013, at 9:36 AM, Geoff Huston g...@apnic.net wrote:
On 22/08/2013, at 12:36 AM, Jon Lewis jle...@lewis.org wrote:
On Wed, 21 Aug 2013, Dobbins, Roland wrote:
http://www.circleid.com/posts/20130820_a_question_of_dns_protocols/
I didn't even get far enough to get to the
Geoff Huston wrote:
...
So here is what I would say to this audience:
...
thank you geoff, i understand it now.
vixie
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Geoff,
I personally think this is really interesting work. A question about
methodology:
On Aug 21, 2013, at 4:36 PM, Geoff Huston g...@apnic.net wrote:
- Our experiment used a modified DNS server that truncated all UDP at 512
bytes, and over 10 days we enlisted some 2 million end clients to
On 22/08/2013, at 10:32 AM, David Conrad d...@virtualized.org wrote:
Geoff,
I personally think this is really interesting work. A question about
methodology:
On Aug 21, 2013, at 4:36 PM, Geoff Huston g...@apnic.net wrote:
- Our experiment used a modified DNS server that truncated all
Geoff's original article is here (in potaroo.net)
A Question of DNS Protocols
http://www.potaroo.net/ispcol/2013-09/dnstcp.html
It also describes the open resolver project as a name and shame approach.
(I have quoted below, and IMHO, certainly this approach is effective)
The open resolver
Dobbins, Roland wrote:
http://www.circleid.com/posts/20130820_a_question_of_dns_protocols/
canard.
On 21/08/2013, at 3:23 PM, Paul Vixie p...@redbarn.org wrote:
Dobbins, Roland wrote:
http://www.circleid.com/posts/20130820_a_question_of_dns_protocols/
canard.
We invested quite a lot of time re-checking things with a shorter EDNS0 limit
coded into bind, to confirm the TCP failure
21 matches