[dns-operations] Surprising ds.fedex.com NS RRset.
regnauld at nsrc.org
Fri Mar 5 08:05:36 UTC 2021
Viktor Dukhovni (ietf-dane) writes:
> The below was just brought to my attention, a domain with 81(!) records
> in its NS RRSet (3201 bytes over TCP):
Someone leaked their AD zone... And, they made every DC auth for the zone,
or they have many locations - either way it's not good. I've dealt with
customer environments where clients stopped being able to log on the day
the response size for the NS RRSet crossed 512 bytes (what, DNS runs
needs TCP and 512 bytes isn't the limit ?).
More information about the dns-operations