[Pdns-users] pdns-recursor delegate some queries to another recursor
jahlives at gmx.ch
Tue May 21 05:51:24 UTC 2019
> In any case, it's the responsibility of the authoritative domain owner
> to host their domain on at least two different ASes (RFC 2182), if
> they care about people being able to resolve it.
Fully agree with that, but our customer is not interested in why he cannot
send a mail to the other end of the world. It just needs to work :-) We
had such problems where, after a 5-day investigation by our provider, they
found out that such a BGP issue had occurred somewhere in the world with
their peering partner.
> An authoritative server with that sort of limit, such as could affect
> a single end-user site, would be completely broken IMO.
Who said it's concerning my homebrew DNS server? That issue occurred on
our resolvers at the company where I work. We're working in the email
filtering business and we have quite a lot of DNS queries per day.
> Note that the second reason you mention (src address rate limiting)
> won’t be fixed by implementing this solution…
True, not fixed as in "not occur anymore" but fixed as in "more than one
src address --> more queries in total before per SRC address limits kick in"
> If you *do* want to solve it at the configuration layer: do you have a
> list of domains that should use the other resolver?
That's our "problem": we only have the IP address(es) of the authoritative
nameservers we want to reach via the 2nd resolver.
On 20.05.19 at 20:43, Brian Candler wrote:
> On 20/05/2019 17:57, Tobi <jahlives at gmx.ch> wrote:
>> - BGP routing issues (ex from Provider 1 you can reach target and from
>> provider 2 not)
> That happens, but very rarely in my experience. In any case, it's the
> responsibility of the authoritative domain owner to host their domain on
> at least two different ASes (RFC 2182), if they care about people being
> able to resolve it.
>> - per SRC limits on the recipient side
> An authoritative server with that sort of limit, such as could affect a
> single end-user site, would be completely broken IMO.
> If you can replicate this issue, then I think it would be worth drilling
> down further with tests to prove or disprove these theories. It sounds
> more likely that the problem is local to you, either in your network, or
> with your upstream provider - especially if this affects a wide range of
> domains and not just a specific few. However, routing issues in your
> part of the world may be different to what I see here (in the UK).