On Mon, 21 Jul 2008, Doug Barton wrote:
>
> I've written in the past about a hack we added when I was DNS Admin at
> Yahoo! to limit the number of A records in a rotor to those that would
> fit into a 512 byte UDP packet. So, if this proposal was in effect at
> that time, you would be virtually certain to get a different response
> _every_ time you query, which would trigger the "we're being attacked"
> alarm.
>
> I don't want to go down the "but that's a protocol violation" road again
> on this topic, I know it is. My point in this context is that this is
> being done "out in the wild," and it's probably being done a lot more
> often than people realize.


Yes. DJB's tinydns uses this hack for A RR sets with more than 8 items.
http://cr.yp.to/djbdns/balance.html

Tony.
--
f.anthony.n.finch http://dotat.at/
GERMAN BIGHT: NORTHWESTERLY 4 OR 5, BECOMING VARIABLE 3 LATER. MODERATE. FAIR.
MODERATE OR GOOD.
