Re: increasing DNS message entropy, a solution for NATs
On Mon, 21 Jul 2008, Doug Barton wrote:
> I've written in the past about a hack we added when I was DNS Admin at
> Yahoo! to limit the number of A records in a rotor to those that would
> fit into a 512 byte UDP packet. So, if this proposal was in effect at
> that time, you would be virtually certain to get a different response
> _every_ time you query, which would trigger the "we're being attacked"
> I don't want to go down the "but that's a protocol violation" road again
> on this topic, I know it is. My point in this context is that this is
> being done "out in the wild," and it's probably being done a lot more
> often than people realize.
Yes. DJB's tinydns uses this hack for A RR sets with more than 8 items.
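Added example, not part of the original messages and not code from Yahoo! or tinydns: a sketch of the rotor hack discussed above, showing how many A records fit in a 512-byte UDP response and why successive answers for the same name legitimately differ. The name www.example.com, the 60-address rotor in 192.0.2.0/24, and the choice of a random subset are assumptions made for illustration.

```python
import random
import struct

MAX_UDP = 512  # classic DNS-over-UDP payload limit without EDNS0

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def a_rr(addr, ttl):
    """One A record; owner name is a compression pointer to offset 12."""
    rdata = bytes(int(o) for o in addr.split("."))
    # pointer(2) + TYPE(2) + CLASS(2) + TTL(4) + RDLENGTH(2) + RDATA(4) = 16
    return struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + rdata

def max_a_records(qname):
    """How many compressed A records fit after header and question."""
    fixed = 12 + len(encode_name(qname)) + 4  # header + QNAME + QTYPE/QCLASS
    return (MAX_UDP - fixed) // 16

def build_response(qid, qname, rotor, rng, ttl=60):
    """Answer with a subset of the rotor that fits in one UDP packet.
    Random selection is an assumption; the thread only says the set is limited."""
    chosen = rng.sample(rotor, min(len(rotor), max_a_records(qname)))
    header = struct.pack("!HHHHHH", qid, 0x8400, 1, len(chosen), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    return header + question + b"".join(a_rr(a, ttl) for a in chosen), chosen

def distinct_answer_sets(qname, rotor, queries, seed=2008):
    """Count distinct answer sets seen over repeated queries for one name."""
    rng = random.Random(seed)
    seen = {frozenset(build_response(i, qname, rotor, rng)[1])
            for i in range(queries)}
    return len(seen)

if __name__ == "__main__":
    rotor = [f"192.0.2.{i}" for i in range(1, 61)]  # constructed sample data
    pkt, chosen = build_response(0x1234, "www.example.com", rotor,
                                 random.Random(1))
    print(len(chosen), "records,", len(pkt), "bytes")
    print(distinct_answer_sets("www.example.com", rotor, 20),
          "distinct answer sets in 20 queries")
```

A resolver-side check that treats "answer changed since last query" as a sign of spoofing would fire on nearly every lookup of such a name.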