Hi Aaron,

Aaron Hopkins wrote:
> Turning a 2 minute outage into a 17 minute outage by default is awful
> behavior. Dmitriy is being hit particularly hard here because he's only
> talking to one forwarder, but I assume this will happen just as easily with
> the root, .com, etc if my internet connectivity goes down for 2 minutes but
> my users are still actively trying to get somewhere new.
>
> Blacklisting a subset of nameservers for a zone for a while is sane, as long
> as you have someone left to talk to. But as soon as all possible IPs to
> send a query to are marked unresponsive, you can't just decide to not do any
> lookups for the zone for an extended period. Is it unreasonable to ask for
> either a much shorter blacklist TTL in the all-IPs-unavailable case or to do
> some form of low-volume probing (e.g. allow one query through per minute, as
> a test)?

That sounds reasonable, I'll see what I can do.

Best regards,
Wouter
_______________________________________________
Unbound-users mailing list
Unbound-users@unbound.net
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
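
The probing policy proposed in the quoted message, as a small simulation added here for illustration; it is not Unbound's code. The 900-second blacklist TTL is an assumption consistent with the 2-to-17-minute figures in the thread, and the class, function names and the 192.0.2.53 address are constructed for the example.

```python
from dataclasses import dataclass, field

BLACKLIST_TTL = 900   # assumed: 15 min, matching the 2 -> 17 minute outage in the thread
PROBE_INTERVAL = 60   # "allow one query through per minute"
NEVER = float("-inf")

@dataclass
class Zone:
    servers: list                                  # upstream IPs for this zone
    blacklisted_until: dict = field(default_factory=dict)
    last_probe: float = NEVER

    def mark_timeout(self, ip, now):
        self.blacklisted_until[ip] = now + BLACKLIST_TTL

    def mark_ok(self, ip):
        self.blacklisted_until.pop(ip, None)

    def pick(self, now, probe=True):
        """Return an IP to query, or None to fail the lookup without sending."""
        live = [ip for ip in self.servers
                if self.blacklisted_until.get(ip, NEVER) <= now]
        if live:
            return live[0]                         # normal case: skip dead servers
        # All IPs are blacklisted: let one test query through per interval.
        if probe and now - self.last_probe >= PROBE_INTERVAL:
            self.last_probe = now
            return min(self.servers, key=self.blacklisted_until.get)
        return None

def recovery_time(outage_len, probe, first_query=0, step=10, horizon=1800):
    """Single forwarder, unreachable for t < outage_len; clients ask every
    `step` seconds. Return the time of the first successful lookup."""
    zone = Zone(["192.0.2.53"])                    # constructed documentation IP
    for now in range(first_query, horizon, step):
        ip = zone.pick(now, probe)
        if ip is None:
            continue                               # answered with failure locally
        if now < outage_len:
            zone.mark_timeout(ip, now)             # query sent, no reply
        else:
            zone.mark_ok(ip)
            return now
    return None
```

With a timeout at t=110 during a 120-second outage, `recovery_time(120, probe=False, first_query=110)` resolves again only at t=1010 (about 17 minutes), while the same call with `probe=True` recovers at t=120.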