On Feb 10, 2015, at 3:32 PM, Paul Vixie <p...@redbarn.org> wrote:
> as i wrote up-thread, i think 25/sec would be a better threshold for 
> nxdomains on a root server running DNS RRL.

"Better" for whom? If some of the root server operators run RRL, all they are 
doing is causing the DDoS purveyors to switch to the other root server 
operators. If that happens, and then all of the root server operators feel that 
they have to run RRL, the attackers simply add ten lines of code to spread the 
load across all the root server operators at just below the threshold.

This feels like another poorly-thought-out experiment on the live operating DNS 
with, as usual, insufficient data about the experiment being collected. If I'm 
wrong, and your number of "25/sec" is based on analysis and data, it would be 
great for you to share it here.

--Paul Hoffman
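To make the threshold argument concrete, here is an added simulation (not code from the thread, and not BIND's RRL implementation): a toy per-server NXDOMAIN limiter using the 25/sec figure quoted above, run over constructed traffic from one client, first sent to a single server and then spread evenly across four hypothetical operators. The server names, the client address and the traffic are all constructed for the example. It shows that in the spread case every operator's own counter sits at the threshold and nothing is dropped, while the aggregate rate toward that client is the same as before; the per-operator limit only ever sees its own slice, and a signal for the aggregate would have to come from a view that spans operators.

```python
"""Added illustration: per-operator NXDOMAIN rate limiting in the spirit of DNS RRL
(a toy, not BIND's implementation), fed with constructed query streams to show
why a threshold enforced independently by each operator cannot see the aggregate
rate a single client drives across all of them."""
from collections import defaultdict
import ipaddress

NXDOMAIN_LIMIT = 25          # NXDOMAIN responses/sec per client /24 (the figure quoted in the thread)
SERVERS = ["root-A", "root-B", "root-C", "root-D"]   # hypothetical operators, constructed names
CLIENT = "203.0.113.7"       # constructed source address (TEST-NET-3 documentation range)


def client_bucket(src_ip: str) -> str:
    """Collapse an IPv4 source to its /24, as RRL implementations commonly do."""
    return str(ipaddress.ip_network(f"{src_ip}/24", strict=False))


class ServerRRL:
    """One operator's view: fixed one-second windows counting NXDOMAIN answers per client /24."""

    def __init__(self, name: str, limit: int = NXDOMAIN_LIMIT):
        self.name = name
        self.limit = limit
        self.counts = defaultdict(int)   # (second, bucket) -> NXDOMAIN responses already sent
        self.answered = 0
        self.dropped = 0

    def respond(self, second: int, src_ip: str, rcode: str) -> bool:
        """Return True if the response goes out, False if the limiter suppresses it."""
        if rcode != "NXDOMAIN":          # the toy limits only NXDOMAIN, as the thread discusses
            self.answered += 1
            return True
        key = (second, client_bucket(src_ip))
        if self.counts[key] >= self.limit:
            self.dropped += 1
            return False
        self.counts[key] += 1
        self.answered += 1
        return True


def make_stream(qps: int, seconds: int, servers: list[str]) -> list[tuple[int, str, str, str]]:
    """Constructed traffic: `qps` NXDOMAIN queries/sec from CLIENT, round-robin over `servers`."""
    stream = []
    for sec in range(seconds):
        for i in range(qps):
            stream.append((sec, servers[i % len(servers)], CLIENT, "NXDOMAIN"))
    return stream


def simulate(stream, servers):
    """Run each query through its server's limiter; return per-server (answered, dropped) and the sent log."""
    limiters = {name: ServerRRL(name) for name in servers}
    sent = []   # (second, server, bucket) for every response that actually went out
    for second, server, src, rcode in stream:
        if limiters[server].respond(second, src, rcode):
            sent.append((second, server, client_bucket(src)))
    stats = {name: (lim.answered, lim.dropped) for name, lim in limiters.items()}
    return stats, sent


def peak_aggregate_rate(sent) -> int:
    """What a cross-operator view would see: max NXDOMAIN answers/sec to one client /24 over all servers."""
    per_second = defaultdict(int)
    for second, _server, bucket in sent:
        per_second[(second, bucket)] += 1
    return max(per_second.values(), default=0)


def scenario_single_operator(qps: int = 100, seconds: int = 5):
    """All traffic to one server: its limiter caps the client at the threshold."""
    stats, sent = simulate(make_stream(qps, seconds, SERVERS[:1]), SERVERS[:1])
    return stats[SERVERS[0]], peak_aggregate_rate(sent)


def scenario_spread(qps: int = 100, seconds: int = 5):
    """Same traffic spread so each server sits exactly at the threshold: no server drops anything."""
    stats, sent = simulate(make_stream(qps, seconds, SERVERS), SERVERS)
    total_dropped = sum(d for _a, d in stats.values())
    return total_dropped, peak_aggregate_rate(sent)


if __name__ == "__main__":
    print("single operator (answered, dropped), aggregate peak/sec:", scenario_single_operator())
    print("spread over four operators: total dropped, aggregate peak/sec:", scenario_spread())
```

With the defaults, the single-operator run answers 25 of every 100 queries per second and drops the rest, while the spread run drops nothing at any server even though the aggregate toward the client is still 100 NXDOMAIN answers per second. The only place that aggregate number appears is in `peak_aggregate_rate`, which has to combine the logs of all four servers; that is the data a per-operator limiter never has.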
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations