nanog mailing list archives

Re: DNS deluge for x.p.ctrc.cc


From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Sat, 25 Feb 2006 06:00:17 -0800


In message <Pine.GSO.4.62.0602241629470.21514 () qentba nf23028 arg>, Rob Thomas writes:


Limit UDP queries to 512 bytes.  This greatly decreases the
amplification effect, though it doesn't stop it.


Unfortunately, the intention of the DNS developers is just the
opposite.  Things like DNSSEC require larger packet sizes; in fact,
there's a DNS extension (EDNS0) whose purpose, among others, is to
permit this.

                --Steven M. Bellovin, http://www.cs.columbia.edu/~smb


