The permanent fix of for PowerDNS to follow the DNS protocol and make the query
over TCP.
They have a choice of solutions. Just make a TCP query and make a second TCP
query for the XFR. Make a TCP query and then the XFR if required over the same
TCP connection.
--
Mark Andrews
> On 19 No
Hi Bob,
On Fri, Nov 18, 2022 at 07:20:22AM -0500, Bob McDonald wrote:
> The size of the TCP packets is a problem. You might also look at
> minimal-responses.
The issue seems to be that an SOA query response for this DNSSEC-signed
zone is 2293 bytes, and PowerDNS can not yet retry that SOA query o
Under certain circumstances, DNS zones representing Windows Active
Directory domains can have rather large numbers of NS records if there
are/were DCs running DNS. This can happen in any DNS zone with a large
number of secondary DNS servers.
The size of the TCP packets is a problem. You might also
I've been running with this configuration on some authoritative nameservers for
the last couple of years:
rate-limit {
responses-per-second 100;
errors-per-second 1000;
nxdomains-per-second 1000;
max-table-size 5;
slip 2;
};
options {
tcp-clients 5000;
}
I understand
4 matches
Mail list logo
