Anycast 101

Crist Clark crist.clark at globalstar.com
Fri Dec 17 01:18:12 UTC 2004


Steven M. Bellovin wrote:

> In message <41C222C3.9020906 at globalstar.com>, Crist Clark writes:
> 
>>Iljitsch van Beijnum wrote:
>>
>>
>>>Due to limitations in the DNS protocol, it's not possible 
>>>to increase the number of authoritative DNS servers for a zone beyond 
>>>around 13.
>>
>>I believe you misspelled, "Due to people who do not understand the DNS
>>protocol being allowed to configure firewalls..."
> 
> 
> No, firewalls have nothing to do with it.  Section 4.2.1 of RFC 1035 
> says:
> 
>    Messages carried by UDP are restricted to 512 bytes (not counting the IP
>    or UDP headers).
> 
> There's a large installed base of machines that conform to that limit 
> and don't understand EDNS0.  I'll leave the packet layout and 
> arithmetic as an exercise for the reader (cheaters may want to run 
> tcpdump on 'dig ns .' and examine the result), but the net result is 
> what Iljitsch said: you can only fit about 13 servers into a response.

Into a UDP response. A resolver will receive the first 512 bytes of the
truncated response and may then use TCP to get the complete response...
unless there is a firewall blocking 53/tcp in the way. But how often
does that happen?

The root servers sustaining the ensuing SYN flood is another issue.
-- 
Crist J. Clark                               crist.clark at globalstar.com
Globalstar Communications                                (408) 933-4387
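As an added illustration of the packet arithmetic left as an exercise above (not code from anyone in the thread), this Python builds the wire-format answer to `. IN NS` for N single-letter root-servers.net names with one IPv4 glue record each, using RFC 1035 name compression, and measures it against the 512-byte UDP limit. The server names, TTL and 192.0.2.x glue addresses are constructed; real responses carry more (for example IPv6 glue or an EDNS0 OPT record), so the practical ceiling sits below what this minimal layout allows.

```python
"""Size of a root-zone priming response ('dig ns .') on the wire.

Constructed example: builds the answer a root server would return for the
question '. IN NS' with n servers named a.root-servers.net, b..., each with
one IPv4 glue record, compressed per RFC 1035 section 4.1.4, then checks the
result against the 512-byte UDP limit of RFC 1035 section 4.2.1.
"""
import struct

UDP_LIMIT = 512     # RFC 1035 4.2.1; pre-EDNS0 receivers stop here
TTL = 3600000       # constructed TTL; any value occupies 4 bytes


def encode_name(name, offsets, msg_len):
    """Encode a dotted name; replace any suffix already sent with a pointer."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    out = b""
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in offsets:                       # tail already in message
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        offsets[suffix] = msg_len + len(out)        # remember where it starts
        label = labels[i].encode()
        out += bytes([len(label)]) + label
    return out + b"\x00"                            # terminating root label


def priming_response(n):
    """Wire-format response to '. IN NS' with n NS RRs plus n A glue RRs."""
    servers = ["%s.root-servers.net." % chr(ord("a") + i) for i in range(n)]
    offsets = {}
    # Header: id, flags (QR|AA), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    msg = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, n, 0, n)
    msg += encode_name(".", offsets, len(msg)) + struct.pack("!HH", 2, 1)
    for s in servers:                               # answer section: NS RRs
        owner = encode_name(".", offsets, len(msg))
        rdata = encode_name(s, offsets, len(msg) + len(owner) + 10)
        msg += owner + struct.pack("!HHIH", 2, 1, TTL, len(rdata)) + rdata
    for i, s in enumerate(servers):                 # additional section: A glue
        owner = encode_name(s, offsets, len(msg))   # compresses to a 2-byte pointer
        msg += owner + struct.pack("!HHIH", 1, 1, TTL, 4) + bytes([192, 0, 2, i + 1])
    return msg


def fits_in_udp(n):
    """True if the whole response fits without the TC bit being set."""
    return len(priming_response(n)) <= UDP_LIMIT


def max_servers():
    """Largest n whose response stays within the 512-byte limit."""
    n = 1
    while fits_in_udp(n + 1):
        n += 1
    return n


if __name__ == "__main__":
    for n in (13, max_servers(), max_servers() + 1):
        print(n, "servers ->", len(priming_response(n)), "bytes, fits:", fits_in_udp(n))
```

With 13 servers the message is 436 bytes; each further server costs 15 bytes for the NS record and 16 for its glue, so the 512-byte boundary is only two or three servers away.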
