Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DNS deluge for x.p.ctrc.cc

  • From: Steven M. Bellovin
  • Date: Sat Feb 25 09:08:36 2006 
In message <Pine.GSO.4.62.0602241629470.21514@qentba.nf23028.arg>, Rob Thomas w
rites:
>

>Limit UDP queries to 512 bytes.  This greatly decreases the
>amplification affect, though it doesn't stop it.
>

Unfortunately, the intention of the DNS developers is just the 
opposite.  Things like DNSSEC require larger packet sizes; in fact, 
there's a DNS extension  (EDNS0) whose purpose, among others, it to 
permit this.  

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.