Home page logo

nanog logo nanog mailing list archives

RE: Odd DNS responses for www.neopets.com
From: "Deepak Jain" <deepak () ai net>
Date: Wed, 5 Feb 2003 22:40:55 -0500

Maybe it's just me, but isn't there something odd about a DNS query
coming back with 78 entries for the same host?  It sends back an UDP
packet that gets truncated and the DNS resolver reverts to TCP to get
the full list.

This is often used for server pools (as I'm guessing you know).

It seems to cause problems with Windows clients and/or Windows DNS
servers.  Seems like overkill.

The 78 addresses listed here are all in one bit of a /24. In the 
cases I've
seen, there are a few servers listed in several different locations,
network- (and location-) wise. I agree that this looks really 
weird. Perhaps
they use it as a cheap load balancer?

Perhaps they use it to pad their IP allocations??


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]