[93613] in North American Network Operators' Group
Re: DNS - connection limit (without any extra hardware)
daemon@ATHENA.MIT.EDU (Simon Waters)
Fri Dec 8 11:18:08 2006
From: Simon Waters <simonw@zynet.net>
To: Luke <very.luke@gmail.com>
Date: Fri, 8 Dec 2006 15:53:55 +0000
In-Reply-To: <33f728c0612080640l27abf702r3df634d5223b9e0f@mail.gmail.com>
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
On Friday 08 December 2006 14:40, you wrote:
>
> For this reason, I would like a DNS server to respond to a maximum of 10
> queries per second from every single IP address.
That may trap an email server or two.
Did you consider checking what they are looking up, and lying to them about
the TTL/answer? "127.0.0.1 for a week" may be better than NXDOMAIN.
I used to slave "." which can save time on recursive DNS servers when they have
a lot of dross to answer (assuming it is totally random dross).
I suspect complex rate limiting may be nearly as expensive as providing DNS
answers with Bind9.
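To make the "may trap an email server or two" point concrete, here is an added simulation (not part of the thread, and not a BIND feature) of a plain per-source token bucket at the proposed 10 queries/second, run over constructed traffic: a mail server doing a legitimate burst of lookups and a client sending random dross. Addresses, names and timings are all invented for the example.

```python
from collections import defaultdict

RATE_QPS = 10          # the "10 queries per second per IP" limit proposed in the thread
BURST = 10             # bucket depth: how many back-to-back queries a quiet source may send
MILLI = 1000           # tokens are tracked in thousandths so everything stays integer


class PerSourceLimiter:
    """Token bucket per source IP. Each query costs one token; tokens refill at RATE_QPS/s."""

    def __init__(self, rate_qps=RATE_QPS, burst=BURST):
        self.rate_qps, self.cap = rate_qps, burst * MILLI
        self.tokens = defaultdict(lambda: burst * MILLI)   # millitokens per source
        self.last_ms = {}                                  # last query time per source

    def allow(self, src, now_ms):
        # refill in proportion to the time elapsed since this source's previous query
        elapsed = now_ms - self.last_ms.get(src, now_ms)
        self.tokens[src] = min(self.cap, self.tokens[src] + elapsed * self.rate_qps)
        self.last_ms[src] = now_ms
        if self.tokens[src] >= MILLI:
            self.tokens[src] -= MILLI
            return True
        return False


def simulate(queries, rate_qps=RATE_QPS, burst=BURST):
    """queries: iterable of (time_ms, src_ip, qname). Returns {src: (answered, dropped)}."""
    lim = PerSourceLimiter(rate_qps, burst)
    stats = defaultdict(lambda: [0, 0])
    for ts, src, _qname in sorted(queries):
        stats[src][0 if lim.allow(src, ts) else 1] += 1
    return {src: tuple(v) for src, v in stats.items()}


# Constructed sample traffic (documentation addresses, invented names and timings):
#  - a mail server draining its queue: 30 legitimate MX/A lookups in under a second
#  - a misbehaving client: 200 random junk names, one every 50 ms for 10 s
MAIL_SERVER = [(i * 30, "192.0.2.25", f"mx{i}.example.net") for i in range(30)]
DROSS = [(i * 50, "198.51.100.7", f"{i:08x}.invalid") for i in range(200)]
SAMPLE = MAIL_SERVER + DROSS

if __name__ == "__main__":
    for src, (answered, dropped) in simulate(SAMPLE).items():
        print(f"{src}: answered={answered} dropped={dropped}")
```

With these inputs the mail server loses 12 of its 30 legitimate lookups while the dross client still gets more than half of its junk answered, which is the trade-off the reply is warning about.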