[dns-operations] ip id from servers

Mark Andrews marka at isc.org
Thu Mar 11 02:59:27 UTC 2010

In message <m23a071t47.wl%randy at psg.com>, Randy Bush writes:
> > There is very little fragmented traffic other than from nameservers.
> this has been measured?  taken where?  paper cite, plz?

Just think about all the fragmentation problems with DNSSEC.  These would
not exist if fragments were common for other traffic.

> but, in this case, i am not talking about a couple of duplicate tuples.
> i am talking dozens to 100+, while other sources with similar packet
> counts show zero or one dupe (and the one dupe is where there were
> enough packtes to repeat the ip id).  elephants among mice.
> randy

Ip id is only 16 bits.  It doesn't take that many replies to have two the
same, birthday paradox. 

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the dns-operations mailing list