[dns-operations] DNS prefetching, DLV and cheap NAT router state table overflow
fw at deneb.enyo.de
Sat Sep 25 17:19:35 UTC 2010
I did some additional experiments, and here is what I found:
I could not reproduce this with a close-by external resolver (with DLV
still enabled). Of course, Unbound sends no hardening queries for
infrastructure records when working as a forwarder. So I suspect the
phenomenon has little impact on DNSSEC validation on end hosts.
The state table issue is not related to DNS at all, it happens with
other UDP packets, too.
I could reproduce it with a warmed-up cache, too, by visiting web
pages such as <http://www.norid.no/domenenavnbaser/domreg.html>.
More information about the dns-operations