query dropping vs. returning nxdomain
Mark Andrews
Mark_Andrews at isc.org
Tue Mar 7 23:50:07 UTC 2006
Whatever we do, we have to be very, very careful.

Some MS nameservers put a 60 second dead time after seeing
an EDNS query. This really has made deploying EDNS a pain.
I'm sure MS thought that this was a "good idea" but it
definitely has had bad consequences.

We really don't want to fall into the same trap.

Drop M in N after the error rate goes over P error PPS on
a per error basis (Name Error is not an error for this
discussion).

You also need to remember that you are drawing extra
legitimate traffic to you when it is a misconfiguration and
not an attack if you do this. e.g. the zone is delegated
to the server but the server is not configured to serve the
zone.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
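
An added example, not part of the original message and not BIND code: one reading of the "drop M in N once errors exceed P per second, per error" proposal, with Name Error exempt and no dead time carried into the next second. It assumes the rate is measured in one-second windows per RCODE; the names err_limiter, err_limiter_init and err_limiter_allow are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define RCODE_NXDOMAIN 3   /* Name Error: not counted as an error here */
#define RCODE_MAX 16       /* RCODE is a 4-bit field in the DNS header */

/* Hypothetical limiter state: one counter set per RCODE ("per error basis"). */
struct err_limiter {
    unsigned p_pps;        /* P: error responses per second sent unthrottled */
    unsigned m, n;         /* above P, drop M out of every N */
    struct {
        uint64_t window;   /* the second these counters belong to */
        unsigned seen;     /* error responses generated in that second */
        unsigned cycle;    /* position inside the current group of N */
    } per[RCODE_MAX];
};

/* Clamp the parameters so that n >= 1 and m <= n. */
void err_limiter_init(struct err_limiter *l, unsigned p, unsigned m, unsigned n)
{
    memset(l, 0, sizeof(*l));
    l->p_pps = p;
    l->n = n ? n : 1;
    l->m = m < l->n ? m : l->n;
}

/* Returns true if a response with this rcode should be sent at now_sec. */
bool err_limiter_allow(struct err_limiter *l, unsigned rcode, uint64_t now_sec)
{
    if (rcode == 0 || rcode == RCODE_NXDOMAIN || rcode >= RCODE_MAX)
        return true;                         /* NOERROR and Name Error pass */
    if (l->per[rcode].window != now_sec) {   /* new second: measure afresh */
        l->per[rcode].window = now_sec;
        l->per[rcode].seen = 0;
        l->per[rcode].cycle = 0;
    }
    if (++l->per[rcode].seen <= l->p_pps)
        return true;                         /* still at or under P */
    unsigned pos = l->per[rcode].cycle;
    l->per[rcode].cycle = (pos + 1) % l->n;
    return pos >= l->m;                      /* drop first M of each N */
}
```

With M less than N, some error responses still reach a resolver that is querying a misconfigured (lame) server, which limits the retry traffic that silent dropping would otherwise attract.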