[dns-operations] DNS deluge for x.p.ctrc.cc

Gadi Evron ge at linuxbox.org
Sun Feb 26 23:48:39 UTC 2006


Roland Dobbins wrote:
> I wasn't talking about just smurf-like with that type of  
> amplification effect, nor just tricks like asking for 4K TXT records,  
> etc.; rather, some interesting logical relationships that Dan and  
> Mike have uncovered between some open recursive nameservers and  
> heretofore unknown resolvers of one flavor or another.

I have a question someone here may be able to answer...

Rob mentioned earlier these should be limited to 512 ATM, as a best 
practice - and as far as I see it, a band-aid stop-gap effort... which 
makes sense.

Some (I think it was Bill?) said this can kill some applications such as 
DNS-SEC, now... not to nitpick, but I don't exactly see DNS-SEC around.

What other applications using larger packets would it break?

How large would the packets for these applications be? Surely if they 
are, say, 1024, it's better than 4 K's.
:)

Also, wasn't the problem packet fragmentation? What am I missing?

Thanks,

	Gadi.


