Client information?

2007-08-09 Thread Paul Atkins
Hello, I am a network researcher. One question I want to ask the ISPs here is: if they have a choice of finding more information about the hosts that connect to them, is it something they would like to spend money on? For example, if the ISP can find out what applications the host is running et

Re: Content Delivery Networks

2007-08-09 Thread Paul Reubens
How do you engineer around enterprise and ISP recursors that don't honor TTL, instead caching DNS records for a week or more? On 8/7/07, Patrick W.Gilmore <[EMAIL PROTECTED]> wrote: > > > On Aug 7, 2007, at 10:05 AM, Michal Krsek wrote: > > >>> 5) User redirection > >>> - You have to implement a

Re: large organization nameservers sending icmp packets to dns servers.

2007-08-09 Thread Mark Andrews
In article <[EMAIL PROTECTED]> you write: > > I suspect that the origin of the myth that DNS/TCP is more > dangerous than DNS/UDP is that the first root exploit of > named was over TCP not UDP. There were later exploits that > were UDP only which totally busted the myth bu

Re: Industry best practices (was Re: large organization nameservers

2007-08-09 Thread Paul Vixie
[EMAIL PROTECTED] (Doug Barton) writes: > ... I took this a step further and worked (together with others) on a > patch to restrict the size of DNS answers to < 512 by returning a random > selection of any RR set larger than that. note that this sounds like a DNS protocol violation, and usually

Re: large organization nameservers sending icmp packets to dns servers.

2007-08-09 Thread Mark Andrews
I suspect that the origin of the myth that DNS/TCP is more dangerous than DNS/UDP is that the first root exploit of named was over TCP not UDP. There were later exploits that were UDP only which totally busted the myth but it continues to live. Mar

Re: Redistribute routes from EIGRP into BGP VRF

2007-08-09 Thread Bruce Pinsky
Bailey Stephen wrote: > Hello all, > > > > Currently working on a solution at the moment where I receive specific > /25 routes via a leased line into the global routing table via EIGRP on > a Cisco 2801. > > > > I then need to inject these rou

Re: large organization nameservers sending icmp packets to dns servers.

2007-08-09 Thread Paul Vixie
[EMAIL PROTECTED] writes: > > ... advising folks to monitor their authority servers to find out how > > many truncated responses are going out and how many TCP sessions result > > from these truncations and how many of these TCP sessions are killed by > > the RFC1035 4.2.2 connection management l

Re: large organization nameservers sending icmp packets to dns servers.

2007-08-09 Thread Doug Barton
On Mon, 6 Aug 2007, Drew Weaver wrote: Is it a fairly normal practice for large companies such as Yahoo! and Mozilla to send icmp/ping packets to DNS servers? If so, why? And a related question would be from a service provider standpoint is there any reason to deny ICMP/PING packets to

Re: too many variables

2007-08-09 Thread Wayne E. Bouchard
On Thu, Aug 09, 2007 at 09:08:05PM +, [EMAIL PROTECTED] wrote: > > On Thu, Aug 09, 2007 at 02:56:31PM -0400, Patrick Giagnocavo wrote: > > > > > > On Aug 9, 2007, at 12:21 PM, [EMAIL PROTECTED] wrote: > > > > > so putting a stake in the ground, BGP will stop working @ around > > > 2,50

Re: large organization nameservers sending icmp packets to dns servers.

2007-08-09 Thread Valdis . Kletnieks
On Thu, 09 Aug 2007 21:05:26 -, Paul Vixie said: > i think you're advising folks to monitor their authority servers to find out > how many truncated responses are going out and how many TCP sessions result > from these truncations and how many of these TCP sessions are killed by the > RFC1035

Re: too many variables

2007-08-09 Thread bmanning
On Thu, Aug 09, 2007 at 02:56:31PM -0400, Patrick Giagnocavo wrote: > > > On Aug 9, 2007, at 12:21 PM, [EMAIL PROTECTED] wrote: > > > so putting a stake in the ground, BGP will stop working @ around > > 2,500,000 routes - can't converge... regardless of IPv4 or IPv6. > > unless the

Re: large organization nameservers sending icmp packets to dns servers.

2007-08-09 Thread Paul Vixie
> > the resources given a nameserver to TCP connections are tightly > > controlled, as described in RFC 1035 4.2.2. so while TCP/53 can become > > unreliable during high load, the problems will be felt by initiators not > > targets. > > The relevant entry in Section 1035 4.2.2 recommends that th

Re: large organization nameservers sending icmp packets to dns servers.

2007-08-09 Thread Douglas Otis
On Aug 8, 2007, at 5:35 PM, Paul Vixie wrote: ... but a TCP connection will consume a significant amount of a name server's resources. ...wrong. Wanting to understand this comment, ... the resources given a nameserver to TCP connections are tightly controlled, as described in RFC 103