nanog mailing list archives

Re: DNS deluge for x.p.ctrc.cc
From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Sat, 25 Feb 2006 06:00:17 -0800

In message <Pine.GSO.4.62.0602241629470.21514 () qentba nf23028 arg>, Rob Thomas w

Limit UDP queries to 512 bytes.  This greatly decreases the
amplification effect, though it doesn't stop it.

Unfortunately, the intention of the DNS developers is just the
opposite.  Things like DNSSEC require larger packet sizes; in fact,
there's a DNS extension (EDNS0) whose purpose, among others, is to
permit this.

                --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
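
The size limit discussed in this thread, as an added example that is not part of the original messages: a Python sketch of how a server can read the UDP payload size a requester advertises through the EDNS0 OPT record, clamp it to a local policy limit, and bound the resulting response-to-query size ratio. The function names, the `server_max` policy parameter and the `example.com` sample query are assumptions made for illustration.

```python
import struct

CLASSIC_UDP_LIMIT = 512  # RFC 1035 ceiling for a UDP DNS message without EDNS0
TYPE_OPT = 41            # EDNS0 OPT pseudo-RR (RFC 6891)

def build_query(qname, edns_size=None):
    """Constructed sample input: an A query, with an OPT RR if edns_size is set."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    msg = header + name + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if edns_size:
        # Root owner name, TYPE=OPT, CLASS=advertised UDP size, TTL=0, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_size, 0, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a domain name (labels or compression pointer)."""
    while off < len(msg):
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n
    raise ValueError("truncated name")

def advertised_udp_size(msg):
    """Size the requester says it accepts: the OPT CLASS field, else 512."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            return max(rclass, CLASSIC_UDP_LIMIT)  # below 512 is treated as 512
        off += 10 + rdlen
    return CLASSIC_UDP_LIMIT

def response_cap(msg, server_max):
    """Largest UDP answer the server will send under its own policy limit."""
    return min(advertised_udp_size(msg), server_max)

def worst_case_ratio(msg, server_max):
    """Upper bound on response bytes per query byte for this query."""
    return response_cap(msg, server_max) / len(msg)
```

With `server_max` set to 512 the bound for the 40-byte EDNS0 sample query is 12.8, against 102.4 when a 4096-byte advertisement is honoured, which is the trade-off between the two positions in the thread.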
