[93665] in North American Network Operators' Group


Re: DNS - connection limit (without any extra hardware)

daemon@ATHENA.MIT.EDU (Luke C)
Mon Dec 11 11:18:05 2006

Date: Mon, 11 Dec 2006 17:15:09 +0100
From: "Luke C" <very.luke@gmail.com>
To: "Simon Waters" <simonw@zynet.net>
Cc: nanog@merit.edu
In-Reply-To: <200612081553.57295.simonw@zynet.net>
Errors-To: owner-nanog@merit.edu


>I use to slave "." which can save time on recursive DNS servers when they have
>a lot of dross to answer (assuming it is totally random dross).

I'm not sure I understand your solution.
You configure your name-server as a slave-root-server?

On 12/8/06, Simon Waters <simonw@zynet.net> wrote:
>
> On Friday 08 December 2006 14:40, you wrote:
> >
> > For this reason, I would like a DNS to respond to a maximum of 10
> > queries per second from every single IP address.
>
> That may trap an email server or two.
>
> Did you consider checking what they are looking up, and lying to them about
> the TTL/answer "127.0.0.1 for a week" maybe better than NXDOMAIN.
>
> I use to slave "." which can save time on recursive DNS servers when they have
> a lot of dross to answer (assuming it is totally random dross).
>
> I suspect complex rate limiting may be nearly as expensive as providing DNS
> answers with Bind9.
>
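
Added example, not part of the original messages: a per-source token bucket at the 10 queries per second discussed in the thread, run over constructed traffic to show how a bursty mail server is throttled alongside a noisy source. The burst depth, the IP addresses (documentation ranges) and the traffic pattern are assumptions.

```python
from collections import defaultdict

RATE = 10    # queries per second per source IP (the figure from the thread)
BURST = 10   # bucket depth in queries; assumption, the thread gives none
COST = 1000  # one query costs 1000 milli-tokens (integer math, no float drift)


class PerSourceLimiter:
    """Token bucket keyed by source IP; keeps one state entry per address seen."""

    def __init__(self, rate=RATE, burst=BURST):
        self.rate, self.cap = rate, burst * COST
        self.buckets = {}  # ip -> (milli_tokens, last_seen_ms)

    def allow(self, ip, now_ms):
        tokens, last = self.buckets.get(ip, (self.cap, now_ms))
        # rate tokens per second equals rate milli-tokens per millisecond
        tokens = min(self.cap, tokens + (now_ms - last) * self.rate)
        ok = tokens >= COST
        self.buckets[ip] = (tokens - COST if ok else tokens, now_ms)
        return ok


def simulate(traffic):
    """traffic: list of (timestamp_ms, ip). Returns {ip: [answered, dropped]}."""
    limiter = PerSourceLimiter()
    stats = defaultdict(lambda: [0, 0])
    for now_ms, ip in sorted(traffic):
        stats[ip][0 if limiter.allow(ip, now_ms) else 1] += 1
    return dict(stats)


def constructed_traffic():
    """Constructed sample: about 3 seconds of queries from three sources."""
    t = [(i * 500, "192.0.2.10") for i in range(6)]          # desktop, 2 qps
    t += [(1000 + i * 25, "192.0.2.25") for i in range(40)]  # mail server, 40 lookups in 1 s
    t += [(i * 5, "198.51.100.7") for i in range(600)]       # noisy source, 200 qps
    return t


if __name__ == "__main__":
    for ip, (ok, dropped) in sorted(simulate(constructed_traffic()).items()):
        print(f"{ip:15} answered={ok:4} dropped={dropped:4}")
```

The mail server's one-second burst loses more than half of its lookups under the same limit that contains the noisy source, which is the trap mentioned in the quoted reply.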

