[dns-operations] DNS deluge for x.p.ctrc.cc
paul at vix.com
Tue Feb 28 01:56:23 UTC 2006
# > responses containing AAAA RR's are one example. RFC 2671 was not written
# > pointlessly, or at least i hope (as its author) that it wasn't pointless.
(i'll come back to this part later.)
# What about query size limit. At least for servers, or any host for that
# matter, that would never receive DNS answers itself (e.g. in the case of an
# authoritative only server), would limiting packets to 512 filter something
# potentially legitimate?
since a given source-ip can be used for both sending queries and answering
queries, even sharing udp/53 for both purposes while doing so, this isn't a
general solution even though it will work for some people in some situations
(and is a particularly good bandaid for the attacks we're seeing this month.)
# On a related note, I see reference in 1035 to the possibility that there may
# be multiple questions in a query, but I don't recall ever seeing this and am
# wondering if this has really ever been implemented.
that's almost completely undefined, and very much (completely) unimplemented.
# If not, it seems the question might be even limited to something less than
# 512 if there are no other limitations in response to my question above.
for a multi-gigabit line rate forwarding device to KNOW whether a datagram
is a dns query (or response (or not)) is beyond present day physics.
# p.s. don't let the domain in my email fool you, I still have a lot
# to learn about DNS. :-)
are you one of several people who saw the reference to RFC 2671 above and did
not fetch down a copy and read it before posting your next message on this
thread? :-) :-) :-)
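Added example (not part of the thread above, and not code from its author): a small parser that walks a raw UDP/53 datagram, reads the header's QR bit and QDCOUNT, and looks for the EDNS0 OPT pseudo-RR from RFC 2671 to recover the UDP payload size the requester advertised. It then applies the "drop anything over 512 bytes" band-aid discussed above to a constructed AAAA response and shows that the response is over 512 bytes yet inside the size the query itself asked for. The packets, the name `x.p.ctrc.cc` reused from the subject line, the 2001:db8::/32 addresses and the two filter functions are all constructed here for illustration.

```python
import struct

OPT_TYPE = 41          # RFC 2671 OPT pseudo-RR; CLASS field carries the UDP payload size
AAAA_TYPE = 28
CLASSIC_MAX = 512      # RFC 1035 UDP limit when no EDNS0 is in play


def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels (no compression)."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_query(qname, qtype, edns_bufsize=None, txid=0x1234):
    """Constructed sample query. With edns_bufsize set, append an OPT RR in the
    additional section advertising that UDP payload size."""
    arcount = 1 if edns_bufsize else 0
    pkt = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # flags: RD only
    pkt += encode_name(qname) + struct.pack("!HH", qtype, 1)
    if edns_bufsize:
        pkt += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_bufsize, 0, 0)
    return pkt


def build_response(query, n_aaaa, edns_bufsize=4096):
    """Constructed sample response: echo the question, add n_aaaa AAAA RRs whose
    owner name is a compression pointer to offset 12, then echo an OPT RR."""
    txid, = struct.unpack_from("!H", query, 0)
    qend = skip_name(query, 12) + 4
    pkt = struct.pack("!HHHHHH", txid, 0x8180, 1, n_aaaa, 0, 1)  # QR, RD, RA set
    pkt += query[12:qend]
    for i in range(n_aaaa):
        rdata = b"\x20\x01\x0d\xb8" + bytes(11) + bytes([i])     # 2001:db8::i (documentation prefix)
        pkt += b"\xc0\x0c" + struct.pack("!HHIH", AAAA_TYPE, 1, 300, 16) + rdata
    pkt += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_bufsize, 0, 0)
    return pkt


def skip_name(pkt, off):
    """Return the offset just past the name at off; a compression pointer ends the name."""
    while True:
        b = pkt[off]
        if b == 0:
            return off + 1
        if b & 0xC0 == 0xC0:
            return off + 2
        off += 1 + b


def parse_header(pkt):
    txid, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", pkt, 0)
    return {"id": txid, "qr": flags >> 15, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def find_edns_bufsize(pkt):
    """Walk every section and return the UDP payload size from the OPT RR's
    CLASS field, or None when the datagram carries no EDNS0 at all."""
    h = parse_header(pkt)
    off = 12
    for _ in range(h["qdcount"]):
        off = skip_name(pkt, off) + 4            # QNAME, QTYPE, QCLASS
    for _ in range(h["ancount"] + h["nscount"] + h["arcount"]):
        off = skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
        off += 10 + rdlen
        if rtype == OPT_TYPE:
            return rclass
    return None


def naive_size_filter(pkt):
    """The band-aid from the thread: drop any UDP/53 datagram larger than 512 bytes."""
    return len(pkt) > CLASSIC_MAX


def edns_aware_filter(pkt, advertised):
    """Drop only what exceeds the size the requester advertised in its own OPT RR
    (512 when it advertised nothing). Needs the matching query, i.e. state."""
    return len(pkt) > (advertised if advertised else CLASSIC_MAX)


def classify(pkt):
    h = parse_header(pkt)
    return {
        "direction": "response" if h["qr"] else "query",
        "bytes": len(pkt),
        "edns_bufsize": find_edns_bufsize(pkt),
        "multi_question": h["qdcount"] > 1,      # permitted by 1035 on paper, unimplemented in practice
        "naive_512_drop": naive_size_filter(pkt),
    }


if __name__ == "__main__":
    q = build_query("x.p.ctrc.cc", AAAA_TYPE, edns_bufsize=4096)
    r = build_response(q, n_aaaa=20)
    print(classify(q))
    print(classify(r))
    print("edns-aware drop:", edns_aware_filter(r, find_edns_bufsize(q)))
```

The 600-byte response is dropped by the size-only rule but passes the EDNS-aware one, because the query announced a 4096-byte buffer. Note that `edns_aware_filter` has to be handed the advertised size from the original query: a stateless device looking at one datagram in isolation cannot tell which size limit applies, which is the practical reason the band-aid is a blunt instrument.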