Home page logo

nanog logo nanog mailing list archives

Re: Odd DNS responses for www.neopets.com
From: "David Russell" <drussell () thrupoint net>
Date: Thu, 6 Feb 2003 08:28:33 -0500

Maybe it's just me, but isn't there something odd about a DNS query
coming back with 78 entries for the same host?  It sends back an UDP
packet that gets truncated and the DNS resolver reverts to TCP to get
the full list.

It is not necessarily odd.  Network management applications such as OpenView
work best if the DNS lookup for a router returns all the addresses
configured on the router.  The UDP packet can overflow and be truncated with
22 entries.

It seems to cause problems with Windows clients and/or Windows DNS
servers.  Seems like overkill.

 I feel your pain because I use a DNS module in my scripts that craps out
when it sees one of these truncated packets, but then the problem is with
the client and not DNS.  It is too bad that the DNS packet size can't be
increased to 1500B.

David Russell
ThruPoint, Inc

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]