named tcp dos?

Greg Rivers gcr+bind-users at tharned.org
Mon Aug 6 22:21:35 UTC 2018


On Thursday, August 02, 2018 18:13:21 Randy Bush wrote:
> > We run about 300 TLD's on our DNS platform and get roughly 5-10% TCP
> > queries.
> 
> that is quite a variance
> 
> > In comparison, we get about 25-30% IPv6 queries.
> 
> wonder how that compares to others
> 
On the secondaries for a Fortune 50 company with a sizeable ecommerce presence, we see ~17% of queries come in over IPv6, and ~2.5% are TCP queries. With respect to the Internet, the v6 percentage is probably low, as the servers I checked answer quite a lot of queries from internal IPv4 networks.

For grins, I turned on query logging on one server (BIND 9.11.4) for a short time and produced a histogram of the unique query attribute combinations:

$ awk '"query:"==$10 {print $(NF-1)}' /var/log/daemon.2 | sort | uniq -c | sort -rn | tee >(awk '{s+=$1}END{print s}')
38111265 -E(0)DC
4963452 -E(0)D
4784394 -
3268810 -E(0)
896136 +E(0)DC
551934 -E(0)TDC
406856 -E(0)DCV
318068 -E(0)DV
282536 -E(0)DCK
173078 -T
149780 -E(0)TD
132303 -E(0)DK
107240 -C
105752 -E(0)T
32748 -E(0)TDV
24677 +
21722 -E(0)TDCV
10958 -E(0)C
10907 +T
 337 -E(0)TDCK
 174 +E(0)
 135 -TC
 131 -E(0)TDK
  98 +E(0)TDC
  19 +E(0)D
  18 +E(0)K
   8 -E(0)TC
   3 +E(0)T
54353539

FWIW, this indicates that most TCP queries come from clients that claim to support EDNS0.

-- 
Greg Rivers
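
The tally above reduced to the two ratios the closing remark is about (TCP share of all queries, and EDNS share of TCP queries), as an added example that is not part of the original message. The log lines are constructed samples in the same syslog layout, the function names are hypothetical, and the flag letters are read per BIND's query-log format (T = TCP, E(n) = EDNS version n).

```shell
#!/bin/sh
# Constructed sample lines (documentation address ranges); the syslog layout
# matches the one-liner above: "query:" is field 10, flags are second from last.
sample_log() {
cat <<'EOF'
Aug  6 22:00:01 ns1 named[1234]: client @0x7f0000000001 192.0.2.10#40001 (example.com): query: example.com IN A -E(0)DC (203.0.113.53)
Aug  6 22:00:01 ns1 named[1234]: client @0x7f0000000002 192.0.2.11#40002 (example.com): query: example.com IN DNSKEY -E(0)TDC (203.0.113.53)
Aug  6 22:00:02 ns1 named[1234]: client @0x7f0000000003 198.51.100.7#40003 (example.org): query: example.org IN MX -T (203.0.113.53)
Aug  6 22:00:02 ns1 named[1234]: zone example.com/IN: sending notifies (serial 2018080601)
Aug  6 22:00:03 ns1 named[1234]: client @0x7f0000000004 2001:db8::25#40004 (example.net): query: example.net IN AAAA +E(0)T (2001:db8::53)
Aug  6 22:00:03 ns1 named[1234]: client @0x7f0000000005 192.0.2.12#40005 (example.com): query: example.com IN A - (203.0.113.53)
Aug  6 22:00:04 ns1 named[1234]: client @0x7f0000000006 192.0.2.13#40006 (example.org): query: example.org IN NS -E(0)D (203.0.113.53)
EOF
}

# Reads query-log lines on stdin and prints one summary line.
summarize_query_flags() {
awk '
{
  # Locate "query:" by scanning rather than by fixed position, so extra
  # leading fields (for example a view name) do not shift the parse.
  flags = ""
  for (i = 1; i <= NF - 4; i++)
    if ($i == "query:") { flags = $(i + 4); break }   # name, class, type, flags
  if (flags !~ /^[+-]/) next          # not a query line: skip it
  total++
  if (flags ~ /T/) {                  # T: query arrived over TCP
    tcp++
    if (flags ~ /E\([0-9]+\)/) tcp_edns++   # E(n): client sent an EDNS OPT record
  }
}
END {
  tcp_pct = 0; edns_pct = 0           # guard against empty input
  if (total > 0) tcp_pct = 100 * tcp / total
  if (tcp > 0) edns_pct = 100 * tcp_edns / tcp
  printf "total=%d tcp=%d tcp_edns=%d tcp_pct=%.1f tcp_edns_pct=%.1f\n", total, tcp, tcp_edns, tcp_pct, edns_pct
}'
}

sample_log | summarize_query_flags
```

Run over successive log intervals, a change in tcp_pct or tcp_edns_pct is what shows a shift in the TCP query mix on a server.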

