Brian > In any case, it's the responsibility of the authoritative domain owner > to host their domain on at least two different ASes (RFC 2182), if > they care about people being able to resolve it.
Full agree with that, but our customer is not interested why he cannot send a mail to the other end of the world. It just needs to work :-) We had such problems where after a 5 day investigation by our provider they found out that such a BGP issue occured somewhere in the world with their peering partner. > An authoritative server with that sort of limit, such as could affect > a single end-user site, would be completely broken IMO. who said it's concerning my homebrew dns server? That issue occured on our resolvers at the company where I work. We're working in email filtering buissiness and we have quite a lot of dns queries per day. Frank > Note that the second reason you mention (src address rate limiting) > won’t be fixed by implementing this solution… true, not fixed as in "not occur anymore" but fixed as in "more than one src address --> more queries in total before per SRC address limits kick in" > If you *do* want to solve it at the configuration layer: do you have a > list of domains that should use the other resolver? thats our "problem": we only have the IP address(es) of the authorative nameservers we want to reach via the 2nd resolver. Cheers -- tobi Am 20.05.19 um 20:43 schrieb Brian Candler: > On 20/05/2019 17:57, Tobi <jahli...@gmx.ch> wrote: >> - BGP routing issues (ex from Provider 1 you can reach target and from >> provider 2 not) > > That happens, but very rarely in my experience. In any case, it's the > responsibility of the authoritative domain owner to host their domain on > at least two different ASes (RFC 2182), if they care about people being > able to resolve it. > >> - per SRC limits on the recipient side > > An authoritative server with that sort of limit, such as could affect a > single end-user site, would be completely broken IMO. > > If you can replicate this issue, then I think it would be worth drilling > down further with tests to prove or disprove these theories. It sounds > more likely that the problem is local to you, either in your network, or > with your upstream provider - especially if this affects a wide range of > domains and not just a specific few. However, routing issues in your > part of the world may be different to what I see here (in the UK). > _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users