How to reduce the number of IP addresses returned when resolving a big round robin DNS entry

besnard michel mbesnard at gmail.com
Tue Nov 28 10:03:08 UTC 2006


Hi,
it wasn't me!!

I'm facing the "message truncated" bit problem; my BIND server sends back
29 RRs to my DNS client. But not all my DNS clients accept this bit and
use TCP instead (normal); for the moment I do not accept TCP
(firewalled and not load balanced, need to check BIND configuration...
to make). So I reduce the number of entries in my big IN A round robin
entry. I think it's the best solution for security: DDoS attack. So
I try to use UDP only for DNS clients.

I read some archives on this subject, but the solution is not clear to me:

www.yahoo.com.  1064 IN CNAME www.yahoo.akadns.net.
www.yahoo.akadns.net. 164 IN A 216.115.105.2
www.yahoo.akadns.net. 164 IN A 204.71.202.160
www.yahoo.akadns.net. 164 IN A 216.115.102.77
www.yahoo.akadns.net. 164 IN A 216.115.102.78
www.yahoo.akadns.net. 164 IN A 216.115.102.79
www.yahoo.akadns.net. 164 IN A 216.115.102.80

Does akadns have an nsupdate tool to refresh the www.yahoo.akadns.net.
entries every 2 minutes? Does someone know of a tool doing this, or any
vendor?

On another note, is EDNS0 (RFC 2671) really used for a problem like this?
What is the real support for RFC 2671 in current DNS clients?
I also have to fix my firewall problem to use more than 512 bytes for
DNS over UDP.

My current DNS clients are IP hardphones...!

I've now found the FAQ from 1999:
http://www.faqs.org/faqs/by-newsgroup/comp/comp.protocols.dns.bind.html

Sorry for the disturbance.
Bye, and thanks for your hospitality.

2006/11/28, Barry Margolin <barmar at alum.mit.edu>:
> In article <ekevq3$4af$1 at sf1.isc.org>,
> "besnard michel" <mbesnard at gmail.com> wrote:
>
> > Hi,
> > I created a round robin entry (IN A) with more than 50 IP addresses returned;
> > my DNS client can accept up to around 29 entries and doesn't like truncated
> > messages.
> >
> > Can BIND reduce the number of IPs returned to the DNS client without
> > sending a truncated message?
>
> Isn't this something like the 4th or 5th time you've asked about this?
> You've already been told that BIND can't do this, why do you post the
> same question every few months?
>
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> *** PLEASE don't copy me on replies, I'll read them in the group ***
>
>
>



-- 
Cdt,
Michel BESNARD

http://blog.yumanet.com
http://blog.mfl42.net
http://sweetlili.yumanet.com
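As an added illustration (not part of this thread or of BIND) of why the client above tops out at about 29 answers: a minimal builder for a wire-format A response that packs records until the 512-byte DNS-over-UDP limit of RFC 1035 is reached and sets the TC ("message truncated") bit when it has to leave some out. It uses constructed 10.0.0.x addresses under the www.yahoo.akadns.net. name from the dig output above; the larger max_size stands in for the payload size an EDNS0 client would advertise (the OPT record such a response would also carry is left out).

```python
import struct

UDP_LIMIT = 512      # classic DNS-over-UDP payload limit (RFC 1035)
HEADER_LEN = 12
TC_FLAG = 0x0200     # "message truncated" bit in the header flags

# Constructed sample addresses standing in for a 50-entry round robin.
ADDRS = ["10.0.0.%d" % i for i in range(1, 51)]


def encode_name(name):
    """Encode a dotted name as DNS labels (length byte + label ..., then 0)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def a_record(ttl, addr):
    """One A RR whose owner name is a compression pointer to the question name."""
    rr = struct.pack("!H", 0xC000 | HEADER_LEN)        # name = pointer to offset 12
    rr += struct.pack("!HHIH", 1, 1, ttl, 4)             # TYPE A, CLASS IN, TTL, RDLENGTH
    return rr + bytes(int(octet) for octet in addr.split("."))


def build_response(qname, addrs, ttl=164, max_size=UDP_LIMIT):
    """Return (wire, answers_included, truncated) for an A round robin.

    Records are added while the message stays within max_size; if any are
    left out the TC bit is set, which is what makes a client retry over TCP.
    max_size=512 is plain UDP; a larger value stands in for the payload size
    an EDNS0 client would advertise (its OPT RR is omitted here).
    """
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    answers, count = b"", 0
    for addr in addrs:
        rr = a_record(ttl, addr)
        if HEADER_LEN + len(question) + len(answers) + len(rr) > max_size:
            break
        answers += rr
        count += 1
    truncated = count < len(addrs)
    flags = 0x8180 | (TC_FLAG if truncated else 0)       # QR, RD, RA (+ TC)
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, count, 0, 0)
    return header + question + answers, count, truncated


def max_answers(qname, max_size=UDP_LIMIT):
    """How many compressed A RRs (16 bytes each) fit after header + question."""
    question_len = len(encode_name(qname)) + 4
    return (max_size - HEADER_LEN - question_len) // 16


if __name__ == "__main__":
    wire, n, tc = build_response("www.yahoo.akadns.net.", ADDRS)
    print(len(wire), "bytes,", n, "answers, TC =", tc)   # 502 bytes, 29 answers, TC = True
```

With this name, 12 header + 26 question bytes leave 474 bytes, and 474 // 16 gives exactly the 29 answers seen in the thread; with a 4096-byte EDNS0 buffer all 50 fit and TC stays clear.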



More information about the bind-users mailing list