[dns-operations] DNS deluge for x.p.ctrc.cc

Paul Vixie paul at vix.com
Tue Feb 28 01:56:23 UTC 2006

# > responses containing AAAA RR's are one example.  RFC 2671 was not written
# > pointlessly, or at least i hope (as its author) that it wasn't pointless.

(i'll come back to this part later.)

# What about query size limit.  At least for servers, or any host for that
# matter, that would never receive DNS answers itself (e.g. in the case of an
# authoritative only server), would limiting packets to 512 filter something
# potentially legitimate?

since a given source-ip can be used for both sending queries and answering
queries, even sharing udp/53 for both purposes while doing so, this isn't a
general solution even though it will work for some people in some situations
(and is a particularly good bandaid for the attacks we're seeing this month.)

# On a related note, I see reference in 1035 to the possibility that there may
# be multiple questions in a query, but I don't recall ever seeing this and am
# wondering if this has really ever been implemented.

that's almost completely undefined, and very much (completely) unimplemented.

# If not, it seems the question might be even limited to something less than
# 512 if there are no other limitations in response to my question above.

for a multi-gigabite line rate forwarding device to KNOW whether a datagram
is a dns query (or response (or not)), is beyond present day physics.

# p.s. don't let the domain in my email fool you, I still have a lot
# to learn about DNS.  :-)

are you one of several people who saw the reference to RFC 2671 above and did
not fetch down a copy and read it before posting your next message on this
thread?  :-) :-) :-)

More information about the dns-operations mailing list