[ratelimits] How to validate the use of RRL?

paul vixie paul at redbarn.org
Wed Nov 7 06:49:50 UTC 2012


On 11/7/2012 6:10 AM, Feng He wrote:
> ...
>
> for i in `seq 0 9`;do dig @localhost +short +tries=1 +time=1 dnsbed.com a;done
>
> But it just works fine as no-rrl, I didn't see any exception. Why?

add +notcp to your 'dig' command or else it will try with TCP when it
gets TC=1 from RRL.

it is intentionally difficult to simulate the conditions under which RRL
is visible. if your test behaves the same way as a normal dns initiator
would behave, your results will be reliable, by design of RRL.

-- 
"I suspect I'm not known as a font of optimism." (VJS, 2012)



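An added example, not part of either post: a UDP-only probe that never retries over TCP, so a reply with TC=1 is counted as such instead of being hidden by the fallback described above. The names `build_query`, `classify` and `probe` and the sample packets are this example's own, and the samples are constructed headers rather than captured traffic.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal DNS query: RD=1, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify(reply):
    """Map one UDP reply (None means timeout) to an outcome label."""
    if reply is None:
        return "dropped"            # nothing came back before the timeout
    if len(reply) < 12:
        return "malformed"          # shorter than a DNS header
    _, flags, _, _, _, _ = struct.unpack("!HHHHHH", reply[:12])
    if not flags & 0x8000:
        return "malformed"          # QR bit clear: not a response
    if flags & 0x0200:
        return "truncated"          # TC=1: the reply dig would retry over TCP
    return "answered"

def probe(server, name, count=10, timeout=1.0, port=53):
    """Send `count` identical queries over UDP only and tally the outcomes.
    Simplification: a reply is not matched back to its query id."""
    tally = {"answered": 0, "truncated": 0, "dropped": 0, "malformed": 0}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for i in range(count):
            s.sendto(build_query(name, txid=i), (server, port))
            try:
                reply, _ = s.recvfrom(4096)
            except socket.timeout:
                reply = None
            tally[classify(reply)] += 1
    return tally

# Constructed sample headers (not captured traffic): a TC=1 reply and a normal one.
QUESTION = build_query("example.com", txid=7)[12:]
SAMPLE_TC = struct.pack("!HHHHHH", 7, 0x8300, 1, 0, 0, 0) + QUESTION
SAMPLE_OK = struct.pack("!HHHHHH", 7, 0x8180, 1, 1, 0, 0) + QUESTION

if __name__ == "__main__":
    # Offline check on the samples; against a test server use probe("127.0.0.1", name).
    for label, pkt in (("tc", SAMPLE_TC), ("ok", SAMPLE_OK), ("timeout", None)):
        print(label, classify(pkt))
```
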