named tcp dos?

Randy Bush randy at
Sat Aug 4 17:57:49 UTC 2018

> We have slightly less then 25% for IPv6 queries.
> And about 4-5% TCP queries.

considering we share the load of the same non-trivial signed cctld, i
should be seeing similarly.  though i am sure both of us serve a few
more <g>.  and tony and hugo (the latter privately) are seeing similar,
though maybe slightly less v6.  or they admit to more variance :)

> In our case, the default for "tcp-clients" setting is still good enough.
> In BIND 9.9/9.10 it is 100 by default
> In BIND 9.11/9.12 it is 150 by default.

i am currently running default on 9.10

> If you want the future, you can set it to 200 ;-)

tony's reply/advice on this is interesting.  i am considering his
> minimal-responses yes;
> minimal-any yes;

but maybe i should just suck it up; tcp and tls are the wave of the dns

an aside: folk seem to be in the 20% range for ipv6, while overall
backbone traffic stats are about half that.  are dns caches more likely
to be v6 enabled than the average bear?  yet another measurement project
for which we have no time.  hi duane :)

and thanks for the real numbers.  much better than, though not as
amusing as, the email i received from two frat boys who probably should
not drink and type.  reminiscences of the usenet!


