Excessive query by open DNS

Matus UHLAR - fantomas uhlar at fantomas.sk
Thu Oct 9 09:59:43 UTC 2008


> >  Why not return 127.0.0.1 for everything?

> >>>  Think it's a good idea, and return it with very very high TTL. All DNSs
> >>>caching these values will help you to avoid this traffic.

> On Wed, Oct 8, 2008 at 9:53 AM, Scott Haneda <talklists at newgeo.com> wrote:
> > I agree, and I will eventually.  As it stands now, openDNS is not playing
> > by the rules as I know them.  If there is no record, they should look once,
> > cache that response, and move on.  Certainly, they should not hit a server
> > 100+ times in 3-4 seconds in succession.

On 08.10.08 22:13, Raul Lopez Nevot wrote:
> I don't know about the internals of OpenDNS systems, but I think they
> *should* ask for every request they have for your domain, and only return
> their own IPs in case the host requested does not exist at this moment, and
> return it with very low TTL.
> Just tested now, and they return TTL 0 for non-existing domains.

No, they should cache all DNS responses for the time set in their TTLs, not
flood anyone's nameserver with repeated requests for the same record.

> Of course, I think they should not return their own IPs, just return
> NXDOMAIN or so. But if they choose the wrong way and they return their IPs
> in non-existing case, the best way to return it is with TTL 0.

If they translate NXDOMAIN to their IP, they should keep the same TTL they
received in the NXDOMAIN response.

> If you work around this by adding this domain and sending 127.0.0.1, for
> example, with very high ttl, they *will* cache the result, and yes, then
> they will help you not to get this traffic.

If they lower the TTL for any reason, they must expect such behaviour.

Well, I will understand if they lower the negative TTL to a value of e.g. 3 hours
(like the max-ncache-ttl in BIND) before replacing it with their record, but
even that should not be needed.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Honk if you love peace and quiet. 
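
Added example, not part of the original message and not BIND or OpenDNS code: a small Python model of a caching resolver that compares honoring the negative TTL (capped at 3 hours, as discussed in the thread) with handing out NXDOMAIN at TTL 0. The `Resolver` class, the SOA values and the query name are constructed for illustration; the 100 queries in 4 seconds come from the thread.

```python
from dataclasses import dataclass, field

MAX_NCACHE_TTL = 3 * 3600  # local cap on negative TTL: the "3 hours" from the thread


@dataclass
class Resolver:
    honor_negative_ttl: bool            # False models caching NXDOMAIN with TTL 0
    max_ncache_ttl: int = MAX_NCACHE_TTL
    upstream_queries: int = 0           # queries that reached the authoritative server
    neg_cache: dict = field(default_factory=dict)  # name -> expiry time in seconds

    def ask_authoritative(self, name):
        """Constructed stand-in for the zone's nameserver: every name is NXDOMAIN."""
        self.upstream_queries += 1
        return {"rcode": "NXDOMAIN", "soa_ttl": 86400, "soa_minimum": 3600}

    def negative_ttl(self, reply):
        """Negative TTL per RFC 2308: min(SOA TTL, SOA MINIMUM), then the local cap."""
        if not self.honor_negative_ttl:
            return 0
        return min(reply["soa_ttl"], reply["soa_minimum"], self.max_ncache_ttl)

    def resolve(self, name, now):
        expiry = self.neg_cache.get(name)
        if expiry is not None and now < expiry:
            return "NXDOMAIN"           # answered from the negative cache
        reply = self.ask_authoritative(name)
        ttl = self.negative_ttl(reply)
        if ttl > 0:
            self.neg_cache[name] = now + ttl
        return reply["rcode"]


def simulate(honor, n_queries=100, window=4.0, name="missing.example.com."):
    """Send n_queries client lookups for one missing name, spread over `window` seconds."""
    resolver = Resolver(honor_negative_ttl=honor)
    for i in range(n_queries):
        resolver.resolve(name, now=i * window / n_queries)
    return resolver.upstream_queries


if __name__ == "__main__":
    print("negative TTL honored:", simulate(True), "upstream queries")
    print("negative TTL forced to 0:", simulate(False), "upstream queries")
```
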

