North American Network Operators Group

Re: Verisign broke GTLDs again?
* Michael Tokarev:

>> EDNS0 can be easily abused for traffic amplification purposes. 8-(
>
> Root and TLD nameservers rarely have large answers to queries to
> exceed 512 bytes.

The miscreants have partial write access to most TLD zones, so they can create record sets whose size approaches or exceeds 512 bytes.

> (And for those rare cases if they exist, TCP
> connection should be established to get a reply --

This seems to be Verisign's intent, and yet you still complain.

> But this does not really matter. I repeat: One doesn't have to
> "support" EDNS0, just don't report it as error,

EDNS0-capable resolvers typically cache the information that another server doesn't support EDNS0. Returning FORMERR is compliant with RFC 2671.

> like broken routers do with ECN.

IIRC, the complaint with respect to ECN was that some routers dropped packets *without* signaling an error.
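The resolver-side behaviour discussed in this message (a FORMERR reply to an EDNS0 query, caching that the server lacks EDNS0, and TCP when a plain UDP answer is truncated), as an added Python example that is not part of the original post. The function names, the server address and the response headers are constructed for illustration.

```python
import struct

FORMERR = 1   # RCODE returned by a server that rejects the OPT record
OPT = 41      # EDNS0 pseudo-RR type (RFC 2671)
TC_BIT = 0x0200

def build_query(qname, qtype=1, edns_size=None, txid=0x1234):
    """Encode a DNS query; append an OPT RR when edns_size is given."""
    arcount = 1 if edns_size else 0
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, arcount)
    labels = b"".join(bytes([len(l)]) + l.encode()
                      for l in qname.strip(".").split(".") if l)
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)
    opt = b""
    if edns_size:
        # root owner name, TYPE=OPT, CLASS=advertised UDP payload size,
        # TTL=extended RCODE/version/flags (all zero), RDLENGTH=0
        opt = b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return header + question + opt

def wants_edns(server, no_edns_cache):
    """Skip EDNS0 for servers already known to reject it."""
    return server not in no_edns_cache

def next_step(response, sent_edns, no_edns_cache, server):
    """Decide the resolver's next action from a UDP response header."""
    _, flags = struct.unpack("!HH", response[:4])
    rcode = flags & 0x000F
    if rcode == FORMERR:
        if sent_edns:
            no_edns_cache.add(server)   # cache the lack of EDNS0 support
            return "retry-udp-without-edns"
        return "fail"                   # plain query was malformed too
    if flags & TC_BIT:
        return "retry-tcp"              # answer did not fit in the UDP reply
    return "accept"

def response_header(flags, txid=0x1234):
    """Constructed 12-byte response header used as sample input."""
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)

if __name__ == "__main__":
    cache, server = set(), "192.0.2.1"   # constructed documentation address
    print(next_step(response_header(0x8001), True, cache, server), cache)
    print(next_step(response_header(0x8600), False, cache, server))
```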