nanog mailing list archives
Re: Verisign broke GTLDs again?
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 16 May 2005 18:05:11 +0200
* Michael Tokarev:
>> EDNS0 can be easily abused for traffic amplification purposes. 8-(
>
> Root and TLD nameservers rarely have large answers to queries to exceed 512 bytes.

The miscreants have partial write access to most TLD zones, so they can create record sets whose size approaches or exceeds 512 bytes.

> (And for those rare cases if they exist, TCP connection should be established to get a reply --

This seems to be Verisign's intent, and yet you still complain.

> But this does not really matter. I repeat: One doesn't have to "support" EDNS0, just don't report it as error,

EDNS0-capable resolvers typically cache the information that another server doesn't support EDNS0. Returning FORMERR is compliant with RFC 2671.

> like broken routers do with ECN.

IIRC, the complaint with respect to ECN was that some routers dropped packets *without* signaling an error.
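
Added example, not part of the original message or of any resolver's code: a sketch of the resolver-side behaviour the thread discusses, where a FORMERR reply to a query carrying an OPT record is remembered per server and the query is retried without EDNS0, and a truncated reply triggers a TCP retry. The `EdnsPolicy` class, the step names, `sample_response` and the 192.0.2.1 address are assumptions made for illustration.

```python
import struct

FORMERR, OPT_TYPE = 1, 41   # RCODE 1; OPT pseudo-RR type (RFC 2671)

def build_query(qname, edns_size=None, txid=0x1234):
    """DNS A/IN query; if edns_size is set, append an OPT RR advertising it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    labels = [l.encode("ascii") for l in qname.rstrip(".").split(".") if l]
    question = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    question += struct.pack("!HH", 1, 1)
    # OPT RR: root owner name, TYPE 41, CLASS = UDP payload size, TTL 0, RDLEN 0
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_size, 0, 0) if edns_size else b""
    return header + question + opt

def parse_flags(msg):
    """Return (rcode, truncated) from the 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    flags = struct.unpack("!H", msg[2:4])[0]
    return flags & 0x000F, bool(flags & 0x0200)

def sample_response(rcode=0, tc=False, txid=0x1234):
    """Constructed header-only response for the demo (QR=1, optional TC, RCODE)."""
    return struct.pack("!HHHHHH", txid, 0x8000 | (0x0200 if tc else 0) | rcode, 0, 0, 0, 0)

class EdnsPolicy:
    """Hypothetical per-server EDNS0 memory; no expiry is modelled here."""
    def __init__(self):
        self.no_edns = set()            # servers that answered FORMERR to an OPT query

    def wants_edns(self, server):
        return server not in self.no_edns

    def next_step(self, server, sent_edns, response):
        rcode, truncated = parse_flags(response)
        if sent_edns and rcode == FORMERR:
            self.no_edns.add(server)    # remember, then fall back to a plain query
            return "retry-plain-udp"
        if truncated:
            return "retry-tcp"          # answer did not fit in the UDP reply
        return "fail" if rcode == FORMERR else "accept"

if __name__ == "__main__":
    policy, server = EdnsPolicy(), "192.0.2.1"   # documentation address
    query = build_query("example.com", edns_size=4096)
    print(len(query), policy.next_step(server, True, sample_response(rcode=FORMERR)))
    print(policy.wants_edns(server), len(build_query("example.com")))
```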