Cyril Lavier wrote: > Le 27 janvier 2010 10:57, Benoit Boissinot <bbois...@gmail.com> a écrit : >> 2010/1/27 Stephane Bortzmeyer <bortzme...@nic.fr>: >>> On Tue, Jan 26, 2010 at 08:56:35PM +0100, >>> jul <jul_...@yahoo.fr> wrote >>> a message of 31 lines which said: >>> >>>> * pas Google DNS >>>> $ dig @8.8.8.8 +short rs.dns-oarc.net txt >>>> rst.x476.rs.dns-oarc.net. >>>> rst.x485.x476.rs.dns-oarc.net. >>>> rst.x490.x485.x476.rs.dns-oarc.net. >>>> "209.85.228.94 DNS reply size limit is at least 490" >>>> "209.85.228.94 lacks EDNS, defaults to 512" >>>> "Tested at 2010-01-26 19:46:05 UTC" >>> Comme OpenDNS, il ne gère pas EDNS. C'est mal (mais c'est probablement >>> dû à leur statut de résolveur DNS ouvert et leur souci d'éviter de >>> servir de relais pour des attaques par amplification, cf. >>> <http://www.bortzmeyer.org/5358.html>). >> Ce n'est pas désactivé: >> http://groups.google.com/group/public-dns-discuss/browse_thread/thread/dbb211033c886680/e24197a24866ff18 >> Mais il y a en effet une protection contre les amplifications attacks: >> http://code.google.com/speed/public-dns/docs/security.html#rate_limit >> >> Benoit >> --------------------------- >> Liste de diffusion du FRnOG >> http://www.frnog.org/ >> >> > > Chez Orange, j'ai l'impression qu'ils ont encore du boulot à faire > > cy...@dandenong:~$ dig +short rs.dns-oarc.net txt > rst.x1002.rs.dns-oarc.net. > rst.x1222.x1002.rs.dns-oarc.net. > rst.x1403.x1222.x1002.rs.dns-oarc.net. > "80.12.2.6 DNS reply size limit is at least 1403" > "80.12.2.6 sent EDNS buffer size 4096" > "Tested at 2010-01-27 10:32:23 UTC" > > A moins que ce soit mon modem-routeur qui cause ça. > > @+ >
Même chose chez orange : dig +short rs.dns-oarc.net txt rst.x476.rs.dns-oarc.net. rst.x485.x476.rs.dns-oarc.net. rst.x490.x485.x476.rs.dns-oarc.net. "209.85.128.94 DNS reply size limit is at least 490" "209.85.128.94 lacks EDNS, defaults to 512" "Tested at 2010-01-27 10:48:08 UTC" dig +short rs.dns-oarc.net txt rst.x476.rs.dns-oarc.net. rst.x485.x476.rs.dns-oarc.net. rst.x490.x485.x476.rs.dns-oarc.net. "209.85.128.94 DNS reply size limit is at least 490" "209.85.128.94 lacks EDNS, defaults to 512" "Tested at 2010-01-27 10:49:30 UTC" Dédibox : dig +short rs.dns-oarc.net txt rst.x996.rs.dns-oarc.net. rst.x1956.x996.rs.dns-oarc.net. rst.x2442.x1956.x996.rs.dns-oarc.net. "88.191.100.8 sent EDNS buffer size 4096" "88.191.100.8 DNS reply size limit is at least 2442" "Tested at 2010-01-27 10:54:23 UTC" OVH : dig +short rs.dns-oarc.net txt rst.x3827.rs.dns-oarc.net. rst.x3837.x3827.rs.dns-oarc.net. rst.x3843.x3837.x3827.rs.dns-oarc.net. "91.121.96.227 sent EDNS buffer size 4096" "91.121.96.227 DNS reply size limit is at least 3843" "Tested at 2010-01-27 10:55:26 UTC"
<<attachment: anovakovski.vcf>>
signature.asc
Description: OpenPGP digital signature