[76589] in North American Network Operators' Group


Re: Anycast 101

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Thu Dec 16 20:00:56 2004

From: "Steven M. Bellovin" <smb@research.att.com>
To: crist.clark@globalstar.com
Cc: Iljitsch van Beijnum <iljitsch@muada.com>,
	NANOG list <nanog@nanog.org>
In-Reply-To: Your message of "Thu, 16 Dec 2004 16:05:23 PST."
             <41C222C3.9020906@globalstar.com> 
Date: Thu, 16 Dec 2004 19:59:58 -0500
Errors-To: owner-nanog-outgoing@merit.edu


In message <41C222C3.9020906@globalstar.com>, Crist Clark writes:
>
>Iljitsch van Beijnum wrote:
>
>> Due to limitations in the DNS protocol, it's not possible 
>> to increase the number of authoritative DNS servers for a zone beyond 
>> around 13.
>
>I believe you misspelled, "Due to people who do not understand the DNS
>protocol being allowed to configure firewalls..."

No, firewalls have nothing to do with it.  Section 4.2.1 of RFC 1035 
says:

   Messages carried by UDP are restricted to 512 bytes (not counting the IP
   or UDP headers).

There's a large installed base of machines that conform to that limit 
and don't understand EDNS0.  I'll leave the packet layout and 
arithmetic as an exercise for the reader (cheaters may want to run 
tcpdump on 'dig ns .' and examine the result), but the net result is 
what Iljitsch said: you can only fit about 13 servers into a response.

		--Steve Bellovin, http://www.research.att.com/~smb

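The packet-layout arithmetic left as an exercise above, worked through as an added example (not part of the original thread): a small encoder for the RFC 1035 wire format with name compression (section 4.1.4) that builds a `. NS` response carrying N NS records plus A glue and measures its length. It assumes the compression-friendly `<letter>.root-servers.net` naming scheme; the glue addresses are constructed from 192.0.2.0/24 documentation space, not the real root server addresses.

```python
import struct

def build_ns_response(zone, servers, glue):
    """Encode a DNS response (RFC 1035 wire format, with name compression)
    for a `zone NS` query: the question, one NS RR per server in the answer
    section, and one A glue RR per server in the additional section."""
    msg = bytearray()
    offsets = {}  # compression table: dotted suffix -> offset of its first label

    def put_name(name):
        labels = [l for l in name.rstrip('.').split('.') if l]
        while labels:
            suffix = '.'.join(labels)
            if suffix in offsets:  # suffix already on the wire: emit a 2-byte pointer
                msg.extend(struct.pack('!H', 0xC000 | offsets[suffix]))
                return
            if len(msg) < 0x4000:  # pointers only address the first 16 KiB
                offsets[suffix] = len(msg)
            msg.append(len(labels[0]))
            msg.extend(labels[0].encode('ascii'))
            labels = labels[1:]
        msg.append(0)  # terminating root label

    def put_rr(owner, rtype, write_rdata):
        put_name(owner)
        msg.extend(struct.pack('!HHIH', rtype, 1, 518400, 0))  # TYPE, CLASS IN, TTL, RDLENGTH
        rdlen_at, start = len(msg) - 2, len(msg)
        write_rdata()
        struct.pack_into('!H', msg, rdlen_at, len(msg) - start)  # back-patch RDLENGTH

    n = len(servers)
    # Header: ID, flags (QR + AA), QDCOUNT=1, ANCOUNT=n, NSCOUNT=0, ARCOUNT=n
    msg.extend(struct.pack('!HHHHHH', 0x1234, 0x8400, 1, n, 0, n))
    put_name(zone)
    msg.extend(struct.pack('!HH', 2, 1))  # QTYPE=NS, QCLASS=IN
    for s in servers:
        put_rr(zone, 2, lambda s=s: put_name(s))
    for s in servers:
        put_rr(s, 1, lambda s=s: msg.extend(bytes(int(o) for o in glue[s].split('.'))))
    return bytes(msg)

def root_priming_size(count):
    """Wire length of a `. NS` response listing `count` root servers with A glue."""
    servers = [f"{chr(ord('a') + i)}.root-servers.net." for i in range(count)]
    glue = {s: f"192.0.2.{i + 1}" for i, s in enumerate(servers)}  # constructed addresses
    return len(build_ns_response(".", servers, glue))

def fits_in_plain_udp(count):
    """True if the response stays within the 512-byte limit of RFC 1035 section 4.2.1."""
    return root_priming_size(count) <= 512
```

With thirteen servers the response comes to 436 bytes, the same figure a packet capture of `dig ns .` against a non-EDNS0 server shows, which is why the root server names were chosen to share the `root-servers.net` suffix.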

