On 2013-03-27, at 14:39, Thomas Mieslinger <[email protected]> wrote: > --snip-- > We have corrected the issue that was blocking email/MX queries to US domain > names from Europe. > > Neustar had noticed a MX spike in it's servers in Europe over the weekend, > and to stop any negative effects, we placed those servers in mitigation. We > have modified the mitigation to block all inbound MX queries from recursive > servers with the recursive bit turned off, and all email from Europe to .US > domain names will now be delivered correctly. > --snap--
That seems like a curious mitigation tactic. I don't think it's a reasonable characterisation to link the availability of European-based authoritative servers to the ability for Europeans to send mail to Americans. So long as *some* authoritative servers for .us were responding, and so long as the "mitigation" didn't involve returning false answers, mail would still be delivered; just the recursive MX lookup would take longer. I would worry, though, that timing out on MX queries specifically would cause use of those European nameservers to be suppressed for other RRTypes, too. That would amount to a wholesale shifting of query traffic from European .us nameservers to those elsewhere without the "mitigation". The apparent availability and non-availability of those particular servers from the point of view of caches would make capacity planning difficult. The difficulty in diagnosing problems at end-sites is already evident. There are a lot of moving parts there, and a lot of unpredictable behaviours. I wouldn't have taken that approach to defend against MX spikes. Joe _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
