This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[dns-wg] Draft of RIPE DNS Resolver Best Common Practices
Dave Knight
dave at shl.io
Thu Feb 8 18:29:23 CET 2024
I haven’t seen a final draft yet, so hopefully it’s not too late to suggest further additions :)

A talk [1] at DNS OARC 42 this morning reminded me of a common pitfall we might do well to point out in the document.

Beware of state in the network!

State-holding middleware, e.g. firewalls, load-balancers, whether in discrete devices, or local to the nameserver host itself, e.g. connection tracking in Linux netfilter, often comes with a default configuration not tuned in expectation of the high volumes of UDP seen at a DNS server. A typical failure scenario sees state tables overrun, resulting in dropped packets. Careful consideration should be made in regard to tuning how state is held in the network: is it needed at all?

dave

[1] Real world challenges with large responses, truncation, and TCP <https://indico.dns-oarc.net/event/48/contributions/1036/>
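
Added example, not part of the original message: a shell check for the failure mode described above, connection-tracking state tables overrunning on a DNS host. It compares the table entry count with its limit and counts the kernel's "table full, dropping packet" messages; the 80% warning threshold, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): conntrack headroom check for a DNS host.
WARN_PCT=${WARN_PCT:-80}   # assumed alert threshold, tune per site

# conntrack_usage COUNT MAX -> integer percentage of the state table in use
conntrack_usage() {
    [ "$2" -gt 0 ] 2>/dev/null || { echo "invalid table size: $2" >&2; return 2; }
    echo $(( $1 * 100 / $2 ))
}

# count_drops LOGTEXT -> number of kernel "table full" drop messages in the text
count_drops() {
    printf '%s\n' "$1" | grep -c 'nf_conntrack: table full, dropping packet' || true
}

# assess COUNT MAX LOGTEXT -> one status line: CRIT if packets were already
# dropped, WARN if the table is close to full, OK otherwise
assess() {
    pct=$(conntrack_usage "$1" "$2") || return 2
    drops=$(count_drops "$3")
    if [ "$drops" -gt 0 ]; then
        echo "CRIT drops=$drops usage=${pct}%"
    elif [ "$pct" -ge "$WARN_PCT" ]; then
        echo "WARN usage=${pct}%"
    else
        echo "OK usage=${pct}%"
    fi
}

# Constructed sample kernel log lines (not captured from a real system)
SAMPLE_LOG='Feb  8 10:00:01 ns1 kernel: nf_conntrack: table full, dropping packet
Feb  8 10:00:01 ns1 kernel: eth0: link up
Feb  8 10:00:06 ns1 kernel: nf_conntrack: table full, dropping packet'

assess 200000 262144 ""
assess 250000 262144 ""
assess 262144 262144 "$SAMPLE_LOG"

# With --live, read the real counters (requires the nf_conntrack module loaded)
if [ "${1:-}" = "--live" ]; then
    d=/proc/sys/net/netfilter
    assess "$(cat $d/nf_conntrack_count)" "$(cat $d/nf_conntrack_max)" \
           "$(dmesg 2>/dev/null || true)"
fi
```

Where tracking DNS traffic is not needed at all, an nftables `notrack` rule in a raw-priority chain keeps those packets out of the table.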