On 03/18/15 01:11, Michael Sinatra wrote:
> I think there are a few issues at play. google and other public > recursives will sometimes have multiple backend servers fetch a given RR > when they receive a single query for that RR on one instance of, say, > 8.8.8.8. I am basing this both on observed behavior and on Geoff > Huston's research (recently presented at NANOG). And since nothing is > cached, I get the same servers asking the same query over and over > again. Writ large, the result is that I end up with 1-2k of > simultaneous TCP sessions, per server, per domain. Just a quick qualification: This is during an active attack, not as a normal course of events. However, the attacks can and will last for several weeks. michael _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
