North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DNS deluge for x.p.ctrc.cc

  • From: Steven M. Bellovin
  • Date: Sat Feb 25 09:08:36 2006

In message <[email protected]>, Rob Thomas w
rites:
>

>Limit UDP queries to 512 bytes.  This greatly decreases the
>amplification affect, though it doesn't stop it.
>

Unfortunately, the intention of the DNS developers is just the 
opposite.  Things like DNSSEC require larger packet sizes; in fact, 
there's a DNS extension  (EDNS0) whose purpose, among others, it to 
permit this.  

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb