RRL outcome on legitimate traffic...
kpielorz_lst at tdx.co.uk
Tue Dec 1 16:15:54 UTC 2020
--On 1 December 2020 at 08:24:50 -0600 Lyle Giese <lyle at lcrcomputer.net>
> You need to look at the reply named sends when it trips and starts
> limiting UDP traffic source from a given IP address. It tells the
> requestor to try again using TCP instead of UDP.
> So if the requestor is a legit dns server, it will retry using TCP and
> still get a valid answer.
> Named does not blindly just drop traffic.
Hmmm, I thought it did for RRL limit hits? (i.e. that's the point - to stop
Documentation for rate-limit seemed a bit patchy, e.g. KB aa-00994
references "See ARM 6.2.15" - which doesn't exist. In fact a lot of the
KB documents reference BIND 9.9 - and things have moved on.
But I can see it's better explained in the current ARM / Section 184.108.40.206
In fact, that entry also covers/says "Legitimate clients react to dropped
or truncated response by retrying with UDP or with TCP respectively" -
looks like it documents where these are in stats as well (RateDropped /
QryDropped et al.) - so I think I'm good to go.
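To make the ARM wording quoted above concrete, here is an added example (not code from the thread or from BIND) of the decision a well-behaved client makes when an RRL-enabled named answers it: a timed-out (dropped) UDP response is retried over UDP, a TC=1 (truncated, "slipped") response is retried over TCP. The sample headers and the TCP framing helper are constructed here for illustration.

```python
import struct

# Truncation (TC) bit in the 16-bit flags word of the DNS header.
TC_FLAG = 0x0200


def rrl_client_action(response):
    """Classify what a legitimate client should do with a UDP reply.

    response is the raw DNS message bytes, or None if the query timed
    out (the 'dropped' case from the ARM text quoted above).
    Returns one of 'retry-udp', 'retry-tcp' or 'accept'.
    """
    if response is None:
        # Dropped by RRL (or lost): the client simply retries over UDP.
        return "retry-udp"
    if len(response) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    # ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT: six network-order shorts.
    _qid, flags, _qd, _an, _ns, _ar = struct.unpack("!6H", response[:12])
    if flags & TC_FLAG:
        # A truncated reply is RRL's 'slip': re-ask the same question over
        # TCP, which an address-spoofing sender cannot complete.
        return "retry-tcp"
    return "accept"


def tcp_frame(message):
    """Prefix a DNS message with the 2-byte length used on TCP (RFC 1035)."""
    return struct.pack("!H", len(message)) + message


def build_header(qid, flags, qdcount=1, ancount=0):
    """Construct a bare 12-byte DNS header for the samples below."""
    return struct.pack("!6H", qid, flags, qdcount, ancount, 0, 0)


# Constructed sample headers, not captured traffic:
NORMAL_REPLY = build_header(0x1234, 0x8180)   # QR=1 RD=1 RA=1, TC clear
SLIPPED_REPLY = build_header(0x1234, 0x8380)  # same flags with TC set

if __name__ == "__main__":
    for label, reply in (("dropped", None), ("normal", NORMAL_REPLY),
                         ("slipped", SLIPPED_REPLY)):
        print(label, "->", rrl_client_action(reply))
```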