Verisign broke GTLDs again?
Florian Weimer
fw at deneb.enyo.de
Mon May 16 16:05:11 UTC 2005
* Michael Tokarev:
>> EDNS0 can be easily abused for traffic amplification purposes. 8-(
>
> Root and TLD nameservers rarely have large answers to queries to
> exceed 512 bytes.
The miscreants have partial write access to most TLD zones, so they
can create record sets whose size approaches or exceeds 512 bytes.
> (And for those rare cases if they exist, TCP
> connection should be established to get a reply --
This seems to be Verisign's intent, and yet you still complain.
> But this does not really matter. I repeat: One doesn't have to
> "support" EDNS0, just don't report it as error,
EDNS0-capable resolvers typically cache the information that another
server doesn't support EDNS0. Returning FORMERR is compliant with RFC
2671.
> like broken routers do with ECN.
IIRC, the complaint with respect to ECN was that some routers dropped
packets *without* signaling an error.
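The fallback behaviour described above, as an added example that is not part of this thread: a toy model of an EDNS0-capable resolver that caches a FORMERR as "this server has no EDNS0", retries the plain query, and falls back to TCP when the 512-byte UDP answer comes back truncated. The server name, the simulated server and the 600-byte record set are all constructed for the example.

```python
import struct

HEADER = struct.Struct("!HHHHHH")  # ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
FLAG_QR, FLAG_TC = 0x8000, 0x0200
RCODE_FORMERR, RCODE_NOTIMP = 1, 4
UDP_MAX = 512  # pre-EDNS0 UDP payload limit (RFC 1035)

def build_response(ident, rcode=0, payload=b"", max_size=None):
    """Construct a minimal reply; set TC and cut the payload if it exceeds max_size."""
    flags = FLAG_QR | (rcode & 0x0F)
    body = payload
    if max_size is not None and HEADER.size + len(body) > max_size:
        flags |= FLAG_TC
        body = body[: max_size - HEADER.size]
    return HEADER.pack(ident, flags, 1, 0, 0, 0) + body

def parse_header(msg):
    ident, flags, *_ = HEADER.unpack_from(msg)
    return ident, flags & 0x0F, bool(flags & FLAG_TC)

class Resolver:
    """Minimal model of an EDNS0-capable resolver's fallback behaviour."""
    def __init__(self):
        self.no_edns = set()  # servers that answered FORMERR to an OPT record (cached)

    def query(self, server, send, ident=0x1234):
        use_edns = server not in self.no_edns
        resp = send(ident, use_edns)
        _, rcode, tc = parse_header(resp)
        if use_edns and rcode in (RCODE_FORMERR, RCODE_NOTIMP):
            # RFC 2671 lets a non-EDNS server answer FORMERR: remember it, retry without OPT
            self.no_edns.add(server)
            resp = send(ident, False)
            _, rcode, tc = parse_header(resp)
        # an answer truncated to 512 bytes has to be re-fetched over TCP
        return ("tcp" if tc else "udp"), resp

def legacy_server(big_rrset):
    """Constructed legacy TLD server: FORMERR on EDNS0, plain answers capped at 512 bytes."""
    calls = []
    def send(ident, use_edns):
        calls.append(use_edns)
        if use_edns:
            return build_response(ident, rcode=RCODE_FORMERR)
        return build_response(ident, payload=big_rrset, max_size=UDP_MAX)
    return send, calls

def demo():
    r = Resolver()
    send, calls = legacy_server(b"\x00" * 600)  # constructed 600-byte RRset, over 512
    first = r.query("tld-server.example", send)   # placeholder server name
    second = r.query("tld-server.example", send)  # second query uses the cached "no EDNS0"
    return first[0], second[0], calls, sorted(r.no_edns)
```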