[ratelimits] Remarks regarding the Knot DNS 1.2.0 RRL implementation

Wed Mar 6 15:35:31 UTC 2013

On 2013-03-06, at 10:19, Matthijs Mekking <matthijs at nlnetlabs.nl> wrote:

> Operators have been blocking ANY queries because they were plagued by
> that.

I heard of NeuStar/Ultra dropping ANY queries, but now that I look for an example I can't seem to find one, e.g. see failed attempt below with one of the nameservers Ultra is providing for NZ. I am very aware that this is not an exhaustive test regime :-)

Who is actually dropping ANY? Is this actually happening, or is it fiction?

Joe

[krill:~]% dig nz. ns +short
ns3.dns.net.nz.
ns7.dns.net.nz.
ns4.dns.net.nz.
ns6.dns.net.nz.
ns5.dns.net.nz.
ns1.dns.net.nz.
ns2.dns.net.nz.
[krill:~]% host ns5.dns.net.nz
ns5.dns.net.nz has address 156.154.100.14
ns5.dns.net.nz has IPv6 address 2001:502:ad09::14
[krill:~]% whois -h whois.cymru.com 156.154.100.14
AS      | IP               | AS Name
12008   | 156.154.100.14   | ULTRADNS - NeuStar, Inc.
[krill:~]% dig @156.154.100.14 nz. any +bufsize=4000

; <<>> DiG 9.8.3-P1 <<>> @156.154.100.14 nz. any +bufsize=4000
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17725
;; flags: qr aa rd; QUERY: 1, ANSWER: 16, AUTHORITY: 0, ADDITIONAL: 13
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nz.				IN	ANY

;; ANSWER SECTION:
nz.			86400	IN	SOA	loopback.dns.net.nz. soa.nzrs.net.nz. 2013030716 900 300 604800 3600
nz.			3600	IN	RRSIG	NSEC 8 1 3600 20130310035034 20130302124443 31023 nz. hzRanuL6R0N9Cj97XZeRtEo5YH/1/mTnoS7py2FTne2niCrw9qhnOYYs 4jAgyhbU/yI0sxyq37qdgEkWMypUQymOiypuqc4W/Qo6aCBen7UdZM2q tr6xAagBJKfeM0y7Y1yfMvfzDSUVOa+o1Yu8yCnrZK2VpGZEn7gKyHhb xIw=
nz.			3600	IN	NSEC	_nicname._tcp.nz. NS SOA RRSIG NSEC DNSKEY
nz.			3600	IN	RRSIG	DNSKEY 8 1 3600 20130314232158 20130302124443 19889 nz. wYxfWlQvNYOZn6NXuCGEnDi2BMM6RtXWqyTvKS5GIWVAXpjPcU0vjpvU 7xfliVxlg2+EVhdL4XOmOKJIR7Yloi+e7asWQSrUxcKhFZ4l6YxIe7h5 War5bKK0lDqRhdzHdpSSH6irjwtRTkG8/KZbCeCdJpa64NtyxcUA+ZFG zC/viKNwdv0itieSQ6M0itEL+TF0guTr0EUWoXHD+4wELyA5OmuHOVhi vsA9ZoJdSaMxvA8zT1zpvplawDJY+/3MhQ1vptmuRURllrYe2HRqG8ak g6HiSKba4hRsIY17F6sL0nlrxU6P6Dw43ADR4iei+sJSjCbUumVo1l12 kcVyHQ==
nz.			3600	IN	DNSKEY	256 3 8 AwEAAbj7t4eUG47vWdncvEGgZo5hhlxXY/cnDiwJ1LxmyFl61Glxp59K faqgKvpuJxmPQwYHZb26OW9Q0b07HMfBlfZaEzAJSckR9DSmWWdmmEJk bru7spHkfd6Gp0kpjlYkhDtvccXAU9B49cSJT7Z4DWigb42WWV9oAR5D 1G03Hc4b
nz.			3600	IN	DNSKEY	256 3 8 AwEAAc4De/qpQw+88eGOXJk/ceR65uBmRftDczbe3PsL2+X0f+3DYrCG ddlYhIQdAmOuThlwwXz9JTZbOVG0B8qLYmBTp0Q2KC1cFYSx2zG+XzVY z/h9+p/JlWg1g95CtW7W5zGLvX4zYakXtyZu0u3MqfEO7QS/GOpyZ5JH rb6/IwcB
nz.			3600	IN	DNSKEY	257 3 8 AwEAAcmrzZIh9JYcdpN/7g/UZZN4rhX5LCulV8fcre8J7dxTLkSP49Nd 38wunY4s05oeJqBNkVPGWV36KoSJ+2XIcac6uwXKdoagMBHswMnSo2Fu Jl6GYqNZKAJlP7D7FbtcOpCLvJjgOeBAB6MenyfTeyfNfB+Orki2nADr +zAsagjTlLjEIfQ+foWTymCiLc7Tcv3Vac+XvwZhRPaCE+psnZAkyR4r +akaiRkoFtpK/13lBxQYF3fVYfccPEKhuBLY7FLlQ3HtXCEOEgCSbnRH gVNTXmD15QdkUOysKIfRZaA+KqUutV6XX9il2KDP7yEzx/XRR2xmIzbc H8++09O+FLU=
nz.			86400	IN	RRSIG	NS 8 1 86400 20130318121757 20130302124443 31023 nz. QnUWPYK8ZEwIOQODDG89cHSSqu1jWVSP+H0cO9/LxoYoTVzotlzY9EHJ lCD94yzil/p77rAqtJOs12X7dOzN2T/oe1o34RnnthiTRc1+QyFmfl0E UdPeGafr157I1zEot9MO+XPC/mZsm11G5njAewaUnU1NVhGfkewQwTfs qZI=
nz.			86400	IN	NS	ns1.dns.net.nz.
nz.			86400	IN	NS	ns5.dns.net.nz.
nz.			86400	IN	NS	ns3.dns.net.nz.
nz.			86400	IN	NS	ns7.dns.net.nz.
nz.			86400	IN	NS	ns6.dns.net.nz.
nz.			86400	IN	NS	ns2.dns.net.nz.
nz.			86400	IN	NS	ns4.dns.net.nz.
nz.			86400	IN	RRSIG	SOA 8 1 86400 20130319082248 20130306144333 24808 nz. cW/M9TgDZda2vyzdnq7onfLxLzZ+II+YINc2NqjT1d/NQJT43owi/uow gkgARPRerXX9t8uwq9uVcLscaldhagVghhiwzuy2Kg60hhHCBIThijx/ MSSsZnttfle1LhGHLxtGvMaGddYtGeKUedMYpuw23eaHsHly5AuMOXmx kXU=

;; ADDITIONAL SECTION:
ns1.dns.net.nz.		86400	IN	A	202.46.190.130
ns1.dns.net.nz.		86400	IN	AAAA	2001:dce:2000:2::130
ns2.dns.net.nz.		86400	IN	A	202.46.187.130
ns2.dns.net.nz.		86400	IN	AAAA	2001:dce:4000:2::130
ns3.dns.net.nz.		86400	IN	A	202.46.188.130
ns4.dns.net.nz.		86400	IN	A	202.46.189.130
ns5.dns.net.nz.		86400	IN	A	156.154.100.14
ns5.dns.net.nz.		86400	IN	AAAA	2001:502:ad09::14
ns6.dns.net.nz.		86400	IN	A	156.154.101.14
ns6.dns.net.nz.		86400	IN	AAAA	2001:502:2eda::14
ns7.dns.net.nz.		86400	IN	A	194.146.106.54
ns7.dns.net.nz.		86400	IN	AAAA	2001:67c:1010:13::53

;; Query time: 104 msec
;; SERVER: 156.154.100.14#53(156.154.100.14)
;; WHEN: Wed Mar  6 10:33:45 2013
;; MSG SIZE  rcvd: 1858

[krill:~]% 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.redbarn.org/pipermail/ratelimits/attachments/20130306/c78700fb/attachment.pgp>