How to reduce the number of IP addresses returned when resolving a big round robin DNS entry
Barry Margolin
barmar at alum.mit.edu
Tue Nov 28 17:43:37 UTC 2006
In article <ekh28m$3036$1 at sf1.isc.org>,
"besnard michel" <mbesnard at gmail.com> wrote:
> hi,
> it wasn't me !!
Really?
>
> I'm facing a "message truncated" bit problem; my BIND server sends back
> 29 RRs to my DNS client. But not all my DNS clients accept this bit and
> use TCP instead (normal); for the moment I do not accept TCP
> (firewalled and not load balance, need to check BIND configuration...
If you're going to send back such large responses, you should allow TCP
through the firewall.
> to make). So I reduce the number of entries in my big IN A round robin
> entry. I think it's the best solution for security: DDoS attack. So
> I try to use UDP only for DNS client.
>
> i read some archive on this subject but the solution is not clear for me
>
> www.yahoo.com. 1064 IN CNAME www.yahoo.akadns.net.
> www.yahoo.akadns.net. 164 IN A 216.115.105.2
> www.yahoo.akadns.net. 164 IN A 204.71.202.160
> www.yahoo.akadns.net. 164 IN A 216.115.102.77
> www.yahoo.akadns.net. 164 IN A 216.115.102.78
> www.yahoo.akadns.net. 164 IN A 216.115.102.79
> www.yahoo.akadns.net. 164 IN A 216.115.102.80
>
> does akadns got a nsupdate tool to refresh any www.yahoo.akadns.net.
> entries each 2 minutes ? does some one know a tool doing this or any
> vendor ?
Akamai doesn't use BIND for the akadns.net domain, they have a custom
DNS server designed specifically to support their fancy load balancing
and content distribution services.
>
> on an other way does EDNS0 RFC2671 is really used a problem like this ?
> What is the real support of RFC2671 of actual DNS client ?
> I have to fix also my firewall problem to use more than 512 byte for
> DNS over UDP.
>
> my actual DNS clients are based on IP hardphone ...!
>
> i've found the FAQ year 1999 now
> http://www.faqs.org/faqs/by-newsgroup/comp/comp.protocols.dns.bind.html
>
> sorry for the disturbing
> bye and thanks for your hospitality
>
> 2006/11/28, Barry Margolin <barmar at alum.mit.edu>:
> > In article <ekevq3$4af$1 at sf1.isc.org>,
> > "besnard michel" <mbesnard at gmail.com> wrote:
> >
> > > hi,
> > > I create a round robin entry (IN A) with more than 50 IP addresses returned
> > > my DNS client can accept up to around 29 entries and doesn't like
> > > truncated message
> > >
> > > Is BIND able to reduce the number of IPs returned to the DNS client
> > > without sending a truncated message?
> >
> > Isn't this something like the 4th or 5th time you've asked about this?
> > You've already been told that BIND can't do this, why do you post the
> > same question every few months?
> >
> > --
> > Barry Margolin, barmar at alum.mit.edu
> > Arlington, MA
> > *** PLEASE post questions in newsgroups, not directly to me ***
> > *** PLEASE don't copy me on replies, I'll read them in the group ***
> >
> >
> >
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
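
The size arithmetic behind the truncation discussed in this thread, as an added example that is not part of the original message: it builds an A-record response in wire format and shows where the 512-byte UDP limit forces the TC bit. The name `www.example.com`, the 192.0.2.x addresses, the empty authority and additional sections, and the choice to send no answers when truncating are all assumptions made for the illustration.

```python
import struct

def encode_name(name):
    """Wire format: length-prefixed labels, terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def max_a_records(qname, limit=512, edns=False):
    """How many compressed A RRs fit after the header, question and optional OPT RR."""
    fixed = 12 + len(encode_name(qname)) + 4 + (11 if edns else 0)
    return (limit - fixed) // 16  # pointer(2)+type(2)+class(2)+ttl(4)+rdlen(2)+addr(4)

def build_response(qname, addrs, limit=512, ttl=164):
    """Build an authoritative A response; over the limit, send TC=1 with no answers
    (a simplification: real servers differ in what they keep in a truncated reply)."""
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b"".join(
        # 0xC00C points back at the owner name at offset 12 (name compression)
        struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + bytes(map(int, a.split(".")))
        for a in addrs)
    flags, count = 0x8400, len(addrs)          # QR=1, AA=1
    if 12 + len(question) + len(answers) > limit:
        flags, count, answers = flags | 0x0200, 0, b""   # set TC, drop the RRset
    return struct.pack("!HHHHHH", 0x1234, flags, 1, count, 0, 0) + question + answers

def is_truncated(packet):
    """Client-side check of the TC bit (0x0200) in the header flags word."""
    return bool(struct.unpack("!H", packet[2:4])[0] & 0x0200)

# Constructed sample data: documentation name and TEST-NET-1 addresses.
QNAME = "www.example.com"
POOL = ["192.0.2.%d" % i for i in range(1, 51)]   # 50-address round robin

if __name__ == "__main__":
    n = max_a_records(QNAME)
    print("A records that fit in 512 bytes:", n)
    print("50 records truncated:", is_truncated(build_response(QNAME, POOL)))
    print("first", n, "truncated:", is_truncated(build_response(QNAME, POOL[:n])))
    print("fit with a 4096-byte EDNS0 buffer:", max_a_records(QNAME, 4096, edns=True))
```

The count depends on the length of the queried name and on any authority or additional records the server appends, so the figure for a real zone will differ from this constructed case.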