How to reduce the number of IP addresses returned when resolving a big round robin DNS entry

besnard michel mbesnard at gmail.com
Tue Nov 28 18:01:19 UTC 2006


hi bind users,

# why I am not using a load balancer:
the protocol is not NATed at the moment; it's a new protocol over TCP
I'm waiting for a new testing platform for doing tests

> > does akadns got a nsupdate tool to refresh any www.yahoo.akadns.net.
> > entries each 2 minutes ? does some one know a tool doing this or any
> > vendor ?
>
> They probably set the TTL field artificially low to get around problems when a
> host goes down.

thanks for more information

best regards,
Michel


2006/11/28, Mark Watts <m.watts at eris.qinetiq.com>:
>
> > hi,
> > it wasn't me !!
> >
> > i'm facing "message truncated" bit problem ; my BIND server send back
> > 29 RRs to my DNS client.
>
> Why on earth do you have 29 RR's for one hostname?
>
> Use a load-balancer and ONE IP.
>
> > But not all my DNS client accept this bit and
> > use TCP instead (normal) ; for the moment i do not accept TCP
> > (firewalled and not load balance, need to check BIND configuration...
> > to make). So i reduce the number of entries in my big IN A round robin
> > entry. I think it's the best solution for security : DDoS attack. So
> > i try to use UDP only for DNS client.
> >
> > i read some archive on this subject but the solution is not clear for me
> >
> > www.yahoo.com.  1064 IN CNAME www.yahoo.akadns.net.
> > www.yahoo.akadns.net. 164 IN A 216.115.105.2
> > www.yahoo.akadns.net. 164 IN A 204.71.202.160
> > www.yahoo.akadns.net. 164 IN A 216.115.102.77
> > www.yahoo.akadns.net. 164 IN A 216.115.102.78
> > www.yahoo.akadns.net. 164 IN A 216.115.102.79
> > www.yahoo.akadns.net. 164 IN A 216.115.102.80
> >
> > does akadns got a nsupdate tool to refresh any www.yahoo.akadns.net.
> > entries each 2 minutes ? does some one know a tool doing this or any
> > vendor ?
>
> They probably set the TTL field artificially low to get around problems when a
> host goes down.
>
> > on an other way does EDNS0 RFC2671 is really used a problem like this ?
> > What is the real support of RFC2671 of actual DNS client ?
> > I have to fix also my firewall problem to use more than 512 byte for
> > DNS over UDP.
> >
> > my actual DNS clients are based on IP hardphone ...!
> >
> > i've found the FAQ year 1999 now
> > http://www.faqs.org/faqs/by-newsgroup/comp/comp.protocols.dns.bind.html
> >
> > sorry for the disturbing
> > bye and thanks for your hospitality
> >
> > 2006/11/28, Barry Margolin <barmar at alum.mit.edu>:
> > > In article <ekevq3$4af$1 at sf1.isc.org>,
> > >
> > > "besnard michel" <mbesnard at gmail.com> wrote:
> > > > hi,
> > > > I create a round robin entry (IN A) with more than 50 IP addresses
> > > > return my DNS client can accept up to around 29 entries and doesn't
> > > > like truncated messages
> > > >
> > > > Is BIND able to reduce the number of IPs returned to the DNS client
> > > > without sending a truncated message ?
> > >
> > > Isn't this something like the 4th or 5th time you've asked about this?
> > > You've already been told that BIND can't do this, why do you post the
> > > same question every few months?
> > >
> > > --
> > > Barry Margolin, barmar at alum.mit.edu
> > > Arlington, MA
> > > *** PLEASE post questions in newsgroups, not directly to me ***
> > > *** PLEASE don't copy me on replies, I'll read them in the group ***
>
> --
> Mark Watts BSc RHCE MBCS
> Senior Systems Engineer
> QinetiQ Trusted Information Management
> Trusted Solutions and Services Group
> GPG Public Key ID: 455420ED
>
>
>
>


-- 
Regards,
Michel BESNARD

http://blog.yumanet.com
http://blog.mfl42.net
http://sweetlili.yumanet.com
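
The 512-byte UDP limit discussed in this thread can be checked by building the response on the wire. The following is an added example, not part of the original message or of BIND: it uses a simplified truncation model (empty answer section with TC set), and the name `www.example.com.` and the `192.0.2.x` addresses are constructed. For that 17-byte name the plain-UDP ceiling works out to 29 A records, and an EDNS0 (RFC 2671) payload size of 4096 raises it.

```python
import socket
import struct

TC = 0x0200  # truncation bit in the DNS header flags (RFC 1035)

def encode_name(name):
    """Length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_response(qname, addrs, limit=512, ttl=164, edns=False):
    """Return (wire_bytes, truncated) for an authoritative A answer.

    Simplified model: if the full answer exceeds `limit`, send an empty
    answer section with TC set, which tells the client to retry over TCP.
    """
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    # Each answer uses a compression pointer (0xC00C) back to the question name.
    answers = b"".join(
        struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(a)
        for a in addrs)
    # OPT pseudo-RR (RFC 2671): root name, TYPE=41, CLASS=payload size, TTL=0, RDLEN=0.
    opt = struct.pack("!BHHIH", 0, 41, limit, 0, 0) if edns else b""
    flags = 0x8400  # QR=1, AA=1
    body = question + answers + opt
    truncated = 12 + len(body) > limit  # 12 = fixed DNS header size
    if truncated:
        flags |= TC
        body = question + opt
    ancount = 0 if truncated else len(addrs)
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 1 if edns else 0)
    return header + body, truncated

def max_a_records(qname, limit=512, edns=False):
    """Largest number of A records that fits in `limit` bytes without TC."""
    fixed = 12 + len(encode_name(qname)) + 4 + (11 if edns else 0)
    return (limit - fixed) // 16  # 16 bytes per compressed A record

if __name__ == "__main__":
    name = "www.example.com."                      # constructed name
    pool = [f"192.0.2.{i}" for i in range(1, 51)]  # 50 constructed addresses
    for n in (29, 30, 50):
        wire, tc = build_response(name, pool[:n])
        print(n, "records:", len(wire), "bytes, TC =", tc)
    print("plain UDP max:", max_a_records(name))
    print("EDNS0 4096 max:", max_a_records(name, 4096, edns=True))
```
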


