How to reduce the number of IP address returned when resolving a big round robin DNS entry

Mark Watts m.watts at eris.qinetiq.com
Tue Nov 28 11:36:06 UTC 2006


> hi,
> it wasn't me !!
>
> i'm facing a "message truncated" bit problem; my BIND server sends back
> 29 RRs to my DNS client.

Why on earth do you have 29 RRs for one hostname?

Use a load-balancer and ONE IP.

> But not all my DNS clients accept this bit and
> use TCP instead (normal); for the moment I do not accept TCP
> (firewalled and not load balanced; need to check the BIND configuration...
> to make). So I reduce the number of entries in my big IN A round robin
> entry. I think it's the best solution for security: DDoS attack. So
> I try to use UDP only for DNS clients.
>
> I read some archives on this subject but the solution is not clear to me
>
> www.yahoo.com.  1064 IN CNAME www.yahoo.akadns.net.
> www.yahoo.akadns.net. 164 IN A 216.115.105.2
> www.yahoo.akadns.net. 164 IN A 204.71.202.160
> www.yahoo.akadns.net. 164 IN A 216.115.102.77
> www.yahoo.akadns.net. 164 IN A 216.115.102.78
> www.yahoo.akadns.net. 164 IN A 216.115.102.79
> www.yahoo.akadns.net. 164 IN A 216.115.102.80
>
> does akadns have an nsupdate tool to refresh any www.yahoo.akadns.net.
> entries every 2 minutes? does someone know a tool doing this, or any
> vendor?

They probably set the TTL field artificially low to get around problems when a 
host goes down.

> in another way, is EDNS0 (RFC 2671) really used for a problem like this?
> What is the real support for RFC 2671 in actual DNS clients?
> I also have to fix my firewall problem to use more than 512 bytes for
> DNS over UDP.
>
> my actual DNS clients are based on IP hardphones...!
>
> i've found the FAQ from 1999 now
> http://www.faqs.org/faqs/by-newsgroup/comp/comp.protocols.dns.bind.html
>
> sorry for the disturbance
> bye and thanks for your hospitality
>
> 2006/11/28, Barry Margolin <barmar at alum.mit.edu>:
> > In article <ekevq3$4af$1 at sf1.isc.org>,
> >
> > "besnard michel" <mbesnard at gmail.com> wrote:
> > > hi,
> > > I create a round robin entry (IN A) with more than 50 IP addresses
> > > returned; my DNS client can accept up to around 29 entries and doesn't
> > > like truncated messages
> > >
> > > Is BIND able to reduce the number of IPs returned to the DNS client
> > > without sending a truncated message?
> >
> > Isn't this something like the 4th or 5th time you've asked about this?
> > You've already been told that BIND can't do this, why do you post the
> > same question every few months?
> >
> > --
> > Barry Margolin, barmar at alum.mit.edu
> > Arlington, MA
> > *** PLEASE post questions in newsgroups, not directly to me ***
> > *** PLEASE don't copy me on replies, I'll read them in the group ***

-- 
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Trusted Information Management
Trusted Solutions and Services Group
GPG Public Key ID: 455420ED
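An added example, not part of the list thread, that works out where the "29 RRs" figure in the question comes from: a response for www.yahoo.akadns.net. carries 38 bytes of header plus question, and each compressed A record costs 16 bytes, so only 29 fit under the 512-byte UDP ceiling (RFC 1035) before the server must set the TC bit. The message ID, the sample addresses and the udp_reply emulation are constructed for the example; the larger udp_payload value models a client advertising a bigger buffer with EDNS0 (RFC 2671), ignoring the OPT record's own size.

```python
import struct

DNS_HEADER_LEN = 12        # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
UDP_LIMIT_NO_EDNS = 512    # RFC 1035 ceiling for DNS over UDP without EDNS0
TC_BIT = 0x0200            # "message truncated" flag in the header flags word

def encode_name(name):
    """Wire-format a domain name: length-prefixed labels, zero-byte terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_a_response(name, addrs, ttl=164, truncated=False):
    """Minimal response: header, one question, one A RR per address.
    Each RR owner is a compression pointer (0xC00C) back to the question
    name at offset 12, so every A record costs exactly 16 bytes on the wire."""
    flags = 0x8180 | (TC_BIT if truncated else 0)   # QR, RD, RA (+ TC)
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(addrs), 0, 0)  # constructed ID
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for addr in addrs:
        rdata = bytes(int(octet) for octet in addr.split("."))
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + rdata
    return header + question + answers

def max_a_records(name, udp_payload=UDP_LIMIT_NO_EDNS):
    """How many A records fit under the given UDP payload ceiling.
    512 is the non-EDNS0 case; a larger value models an EDNS0 client buffer
    (simplification: the 11-byte OPT RR in the additional section is ignored)."""
    fixed = DNS_HEADER_LEN + len(encode_name(name)) + 4   # header + question
    per_rr = 2 + 2 + 2 + 4 + 2 + 4                        # ptr, type, class, ttl, rdlen, rdata
    return (udp_payload - fixed) // per_rr

def is_truncated(message):
    """True when the TC bit is set, i.e. the client is expected to retry over TCP."""
    flags = struct.unpack("!H", message[2:4])[0]
    return bool(flags & TC_BIT)

def udp_reply(name, addrs, udp_payload=UDP_LIMIT_NO_EDNS):
    """Emulate a UDP responder (constructed model, not BIND's exact logic):
    send the full answer if it fits, otherwise an empty answer with TC set."""
    full = build_a_response(name, addrs)
    if len(full) <= udp_payload:
        return full
    return build_a_response(name, [], truncated=True)
```

A client that is firewalled off from TCP/53 and does not send EDNS0 therefore never gets more than the first 29 addresses of such a round robin; it gets a TC-flagged answer it cannot follow up.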