Thanks for the clarification. We did in fact detect initial configuration
issues with the default TCP 3 backlog, but once we'd put this up to 2000 we
only had one brief window of RST congestion as detected by a simple TCP
filter. This test was for a domainspace which serves around 250,000
Yes, our goal was to test out the assertion in RFC5966 that: The majority of
DNS server operators already support TCP and we wanted to see if we could
quantify what that majority actually was.
What we found out was that of the DNS resolvers that were visible to the
authoritative name server,
http://www.circleid.com/posts/20130820_a_question_of_dns_protocols/
them aussies certainly know how to do a nice bit of wide-scale
measurement. now we can descend into the religions un-asserted
implications violate.
randy
___
dns-operations mailing
http://dnssec-debugger.verisignlabs.com/army.mil also shows several issues.
- Original Message -
From: Rose, Scott W. scott.r...@nist.gov
To: Mike A mi...@mikea.ath.cx; DNS Operations
dns-operati...@mail.dns-oarc.net
Cc:
Sent: Wednesday, August 21, 2013 10:06 AM
Subject: Re:
On Wed, 21 Aug 2013, Dobbins, Roland wrote:
http://www.circleid.com/posts/20130820_a_question_of_dns_protocols/
I didn't even get far enough to get to the parts Vixie seems to object to.
It was too painful to read. It's in desperate need of proof-reading and
copy editing. Was this
http://www.circleid.com/posts/20130820_a_question_of_dns_protocols
disappointed me with this characterization of RRL:
There is a conversation thread that says that resolvers should
implement response rate limiting (RRL), and silently discard
repetitive queries that exceed some
From: Geoff Huston g...@apnic.net
On the other hand it's no more serious than any other form of small
TCP transaction based services that are subjected to massive volumes,
such as, say, a search engine front end.
Isn't that why HTTP, SMTP, and other TCP transaction services have
been changed
BTW, The goal of OpenResolverProject was to have an inventory so folks could
measure against attacks and determine what % of attacks utilized them.
The list is available in weekly format to security teams to download in bulk so
they can use tools like GrepCidr to perform this cross-reference.
On Aug 21, 2013, at 1:33 AM, Ralf Weber ralf.we...@nominum.com wrote:
Moin!
On 20.08.2013, at 20:14, Doug Barton do...@dougbarton.us wrote:
Rumor has it that Nominum and Fortidns have implementations for NTAs. Any
truth to those rumors?
It's not a rumor. Nominum Vantio had this feature
On Wed, Aug 21, 2013 at 03:14:59PM +, Vernon Schryver wrote:
HTTP, SMTP, and other TCP transaction applications? Could the gTLD
roots exist in anything like their current forms if DNS transactions
cost as many CPU and stable storage computrons as an HTTP GET of
a purely static page
Moin!
On 21.08.2013, at 08:18, Jared Mauch ja...@puck.nether.net wrote:
The unexpected results of the data were knowing that ~46% are just a broken
CPE device that does something weird with DNS packets.
Well they mostly proxy that query to their ISP's resolver, who as it came from
an address
Vernon Schryver wrote:
http://www.circleid.com/posts/20130820_a_question_of_dns_protocols
disappointed me with this characterization of RRL:
There is a conversation thread that says that resolvers should
implement response rate limiting (RRL), and silently discard
repetitive
And furthermore, it is my understanding that in RRL no queries are ever
discarded. Only the response is throttled.
Alan V. Shackelford Senior Systems Software
Engineer
The Johns Hopkins University and Johns Hopkins Medical Institutions
Baltimore, Maryland USA
On 22/08/2013, at 9:36 AM, Geoff Huston g...@apnic.net wrote:
On 22/08/2013, at 12:36 AM, Jon Lewis jle...@lewis.org wrote:
On Wed, 21 Aug 2013, Dobbins, Roland wrote:
http://www.circleid.com/posts/20130820_a_question_of_dns_protocols/
I didn't even get far enough to get to the
Geoff Huston wrote:
...
So here is what I would say to this audience:
...
thank you geoff, i understand it now.
vixie
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Geoff,
I personally think this is really interesting work. A question about
methodology:
On Aug 21, 2013, at 4:36 PM, Geoff Huston g...@apnic.net wrote:
- Our experiment used a modified DNS server that truncated all UDP at 512
bytes, and over 10 days we enlisted some 2 million end clients to
On 22/08/2013, at 10:32 AM, David Conrad d...@virtualized.org wrote:
Geoff,
I personally think this is really interesting work. A question about
methodology:
On Aug 21, 2013, at 4:36 PM, Geoff Huston g...@apnic.net wrote:
- Our experiment used a modified DNS server that truncated all