<html><head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head><body style="font-family: tt; font-size: 11pt;" bgcolor="#FFFFFF"
text="#000000"><div style="font-size: 11pt;font-family: tt;"><br><br>samwu(吴
洪声) wrote:<blockquote style="word-wrap: break-word;"
cite="mid:etPan.52f5141b.2ae8944a.14db@HongKong.local" type="cite"><meta
http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>body{font-family:Helvetica,Arial;font-size:13px}</style>
<div id="bloop_customfont" style="font-family: Helvetica,Arial;
font-size: 13px; color: rgb(0, 0, 0); margin: 0px;">
in DNSPod, we responded user a random cname like afda7896.dnspod.com to
prevent DNS query flood and avoid TCP issue.</div></blockquote><br>this
approach changes the meaning of the dns result, such that the qname is
now an alias. some cname-aware protocols like smtp and http will behave
differently when you insert a cname chain like this. that's a cost i
consider to be too high, even for ddos mitigation.<br><br>vixie<br></div></body></html>