[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: draft-ietf-dnsext-forgery-resilience-01.txt
On Mon, 12 Nov 2007, Shane Kerr wrote:
>
> The only time you have an actual clash is when you have a duplicate
> ID+source IP+source port+destination IP+destination port for a UDP
> query, because then the resolver has no way to disambiguate the replies
> it gets.
This situation is common for stub resolvers, and for cacheing resolvers
that are doing a lot of lookups against the same zone. Any high-volume
DNS client *will* encounter problems with naive random query IDs.
Tony.
--
f.a.n.finch <dot@dotat.at> http://dotat.at/
WEST FORTIES CROMARTY FORTH TYNE WEST DOGGER: WESTERLY VEERING NORTHERLY 4 OR
5, INCREASING 5 TO 7, PERHAPS GALE 8 LATER IN TYNE AND WEST DOGGER. MODERATE
OR ROUGH. RAIN OR SHOWERS. MODERATE OR GOOD.
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>