named tcp dos?
Tony Finch
dot at dotat.at
Fri Aug 3 11:10:04 UTC 2018
Randy Bush <randy at psg.com> wrote:
>
> estimate or measure the distribution of the ratio of udp to tcp queries
> on say 100 cctld servers.
On a recently rebooted auth server, which hosts zones for a handful of
universities with and without DNSSEC, slightly less than 1% of queries are
over TCP.

    $ curl -Ssf http://authdns1.csx.cam.ac.uk:8053/json/v1 |
        jq '[ .nsstats.QryUDP, .nsstats.QryTCP ]'
    [
      6994195,
      61575
    ]

I have a few config options which can affect TCP usage. These two should
reduce it:

    minimal-responses yes;
    minimal-any yes;

These ones can increase it:

    rate-limit {
        responses-per-second 10;
        ipv4-prefix-length 32;
        exempt-clients { cudn; };
    };
    max-udp-size 1420;

(The latter is to avoid UDP fragmentation.)
This is not a very beefy server so I haven't increased the TCP concurrency
very much:

    tcp-clients 256;

Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Fisher, German Bight: South, veering west 3 or 4, occasionally 5 later. Smooth
or slight. Showers. Moderate or good.
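
The counters queried in the message above are cumulative since boot, so a short burst of TCP traffic barely moves the overall ratio. The following is an added example, not part of the original post: it compares two snapshots of the statistics channel and reports the TCP share, truncation and rate-limit activity for the interval between them. The snapshot values (apart from the two totals quoted in the post), the boot time and the `warn_share` threshold are constructed for illustration, and missing counters are treated as zero.

```python
import json

COUNTERS = ("QryUDP", "QryTCP", "TruncatedResp", "RateSlipped", "RateDropped")

def tcp_share(nsstats):
    """Fraction of queries received over TCP for one set of counters."""
    udp, tcp = nsstats.get("QryUDP", 0), nsstats.get("QryTCP", 0)
    return tcp / (udp + tcp) if udp + tcp else 0.0

def interval_report(prev, curr, warn_share=0.05):
    """Compare two /json/v1 snapshots and report TCP pressure for the interval.

    warn_share is a hypothetical alert threshold, not a BIND setting.
    """
    p, c = prev.get("nsstats", {}), curr.get("nsstats", {})
    # Counters start again from zero when named restarts; in that case the
    # current values are already the delta since boot.
    restarted = (prev.get("boot-time") != curr.get("boot-time")
                 or any(c.get(k, 0) < p.get(k, 0) for k in COUNTERS))
    d = {k: c.get(k, 0) - (0 if restarted else p.get(k, 0)) for k in COUNTERS}
    share = tcp_share(d)
    return {
        "restarted": restarted,
        "tcp_share": share,
        # Truncated UDP answers are what make clients retry over TCP.
        "truncated_per_udp": d["TruncatedResp"] / d["QryUDP"] if d["QryUDP"] else 0.0,
        "rrl_slipped": d["RateSlipped"],
        "rrl_dropped": d["RateDropped"],
        "warn": share > warn_share,
    }

# Constructed snapshots. T0 uses the QryUDP/QryTCP totals quoted in the post;
# the boot time and every other number are invented for the example.
T0 = json.loads('{"boot-time": "2018-08-02T09:00:00Z", "nsstats":'
                ' {"QryUDP": 6994195, "QryTCP": 61575, "TruncatedResp": 40000}}')
T1 = json.loads('{"boot-time": "2018-08-02T09:00:00Z", "nsstats":'
                ' {"QryUDP": 7004195, "QryTCP": 63575, "TruncatedResp": 41500,'
                ' "RateSlipped": 900, "RateDropped": 900}}')

if __name__ == "__main__":
    print(f"since boot: {tcp_share(T0['nsstats']):.2%} of queries over TCP")
    print(interval_report(T0, T1))
```

In the constructed interval the TCP share is about 17% even though the since-boot figure is still under 1%, which is the kind of shift worth watching against a small `tcp-clients` limit.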