[dns-operations] DNS deluge for x.p.ctrc.cc
ge at linuxbox.org
Sun Feb 26 23:48:39 UTC 2006
Roland Dobbins wrote:
> I wasn't talking about just smurf-like with that type of
> amplification effect, nor just tricks like asking for 4K TXT records,
> etc.; rather, some interesting logical relationships that Dan and
> Mike have uncovered between some open recursive nameservers and
> heretofore unknown resolvers of one flavor or another.

I have a question someone here may be able to answer...

Rob mentioned earlier these should be limited to 512 ATM, as a best
practice - and as far as I see it, a band-aid stop-gap effort.... which
Some (I think it was Bill?) said this can kill some applications such as
DNS-SEC, now.. not to nitpick but I don't exactly see DNS-SEC around.

What other applications using larger packets would it break?
How large would the packets for these applications be? Surely if they
are, say, 1024, it's better than 4 K's.

Also, wasn't the problem packet fragmentation? What am I missing?