[dns-operations] EDNS0

william(at)elan.net william at elan.net
Wed Mar 1 04:57:20 UTC 2006


Paul,

Can I have some understanding of what would happen if a non-recursive DNS
server which services some domain with a very large domain resource record
(say a large TXT) received a request for that record from a spoofed source?

Would that always cause the response to go to the spoofed ip address?

How is that different from amplification with recursive DNS servers?
(since in both cases a smaller request packet of about 40-50 bytes
causes the DNS server to send a large response of up to 500 bytes to the forged
source IP address)

Would this change in any way with EDNS (if so, how)?

-- 
William Leibzon
Elan Networks
william at elan.net


