[dns-operations] Surprising ds.fedex.com NS RRset.

Phil Regnauld regnauld at nsrc.org
Fri Mar 5 08:05:36 UTC 2021

Viktor Dukhovni (ietf-dane) writes:
> The below was just brought to my attention, a domain with 81(!) records
> in its NS RRSet (3201 bytes over TCP):

	Someone leaked their AD zone... And, they made every DC auth for the zone,
	or they have many locations - either way it's not good. I've dealt with
	customer environments where clients stopped being able to log on the day
	the response size for the NS RRSet crossed 512 bytes (what, DNS runs
	needs TCP and 512 bytes isn't the limit ?).

More information about the dns-operations mailing list