[dns-operations] DNS deluge for x.p.ctrc.cc

John Kristoff jtk at ultradns.com
Mon Feb 27 16:36:50 UTC 2006


On Mon, Feb 27, 2006 at 12:20:28AM +0000, Paul Vixie wrote:
> # What other applications using larger packets would it break?
> 
> responses containing AAAA RR's are one example.  RFC 2671 was not written
> pointlessly, or at least i hope (as its author) that it wasn't pointless.

What about a query size limit?  At least for servers, or any host for
that matter, that would never receive DNS answers itself (e.g. in the
case of an authoritative only server), would limiting packets to 512
filter something potentially legitimate?

I realize this doesn't particularly help most victims in the wave of
attacks being discussed here; there have been attacks that shower 4KB
answers at hosts that should never be getting those answers.

Yes, I realize filtering at this granular level is just a
band-aid.  Just curious to understand what limitations there might
be on questions.

On a related note, I see reference in 1035 to the possibility that
there may be multiple questions in a query, but I don't recall ever
seeing this and am wondering if this has really ever been implemented.
If not, it seems the question might be even limited to something less
than 512 if there are no other limitations in response to my question
above.

p.s. don't let the domain in my email fool you, I still have a lot
to learn about DNS.  :-)

John
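As an added illustration (not part of the post or the list's software), here is a small DNS message parser that applies the two heuristics the post asks about to an authoritative-only host: a 512-byte cap on incoming messages and a QDCOUNT-of-one check, while also noting the EDNS0 OPT RR that RFC 2671 places in the additional section. The builders, the domain example.com and the filter rules are constructed, hypothetical inputs for the example.

```python
import struct
RRTYPE_OPT = 41  # EDNS0 pseudo-RR (RFC 2671); its CLASS field carries the sender's UDP payload size

def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a domain name, honouring RFC 1035 compression pointers."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # 2-byte pointer ends the name
            return off + 2
        off += 1 + length

def inspect(msg: bytes) -> dict:
    """Parse header, every question, and all RRs; report QDCOUNT and any OPT RR."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, edns = 12, None
    for _ in range(qd):                    # question = QNAME + QTYPE + QCLASS
        off = _skip_name(msg, off) + 4
    for _ in range(an + ns + ar):          # RR = NAME TYPE CLASS TTL RDLENGTH RDATA
        off = _skip_name(msg, off)
        rtype, rclass, rdlen = struct.unpack("!HH4xH", msg[off:off + 10])
        edns = rclass if rtype == RRTYPE_OPT else edns
        off += 10 + rdlen
    return {"size": len(msg), "is_response": bool(flags & 0x8000),
            "qdcount": qd, "edns_udp_size": edns}

def flag_for_auth_only(msg: bytes) -> list:
    """Hypothetical filter rules for an authoritative-only host; returns the rules a packet trips."""
    info, reasons = inspect(msg), []
    if info["is_response"]:
        reasons.append("answer arriving at a host that never sends queries")
    if info["qdcount"] != 1:
        reasons.append("qdcount != 1")
    if info["size"] > 512:
        reasons.append("larger than 512 bytes")
    return reasons

def build_query(name: str, qtype: int, edns_udp_size: int = 0) -> bytes:  # constructed sample query
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    msg = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if edns_udp_size else 0)
    msg += qname + struct.pack("!HH", qtype, 1)
    if edns_udp_size:                      # OPT: root name, type 41, CLASS=udp size, TTL 0, no RDATA
        msg += b"\x00" + struct.pack("!HHIH", RRTYPE_OPT, edns_udp_size, 0, 0)
    return msg

def as_unsolicited_answer(query: bytes, pad: int) -> bytes:  # constructed: QR bit set plus padding
    flags = struct.unpack("!H", query[2:4])[0] | 0x8000
    return query[:2] + struct.pack("!H", flags) + query[4:] + b"\x00" * pad
```

Note that an EDNS0 query still sits far under 512 bytes (the OPT RR adds only 11 bytes), which is why the cap bites on answers rather than on questions.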
