Can someone from Comcast that works with the customer resolvers
(cdns01.comcast.net / cdns02.comcast.net) please contact me off list? The
01 resolver is sometimes not returning complete results when the DNS query
type is set to ANY for $dayjob's domain.
-Grant
* shortdudey...@gmail.com (Grant Ridder) [Wed 03 Dec 2014, 10:49 CET]:
Can someone from Comcast that works with the customer resolvers
(cdns01.comcast.net / cdns02.comcast.net) please contact me off list?
The 01 resolver is sometimes not returning complete results when the
DNS query type is
Both of Google’s public DNS servers return complete results every time and one
of the two comcast ones works fine.
If this is working by design, can you provide the RFC with that info?
-Grant
On Dec 3, 2014, at 2:51 AM, Niels Bakker niels=na...@bakker.net wrote:
* shortdudey...@gmail.com
* shortdudey...@gmail.com (Grant Ridder) [Wed 03 Dec 2014, 12:54 CET]:
Both of Google’s public DNS servers return complete results every
time and one of the two comcast ones works fine.
If this is working by design, can you provide the RFC with that info?
An ANY query will typically return
On 12/03/2014 04:04 AM, Niels Bakker wrote:
* shortdudey...@gmail.com (Grant Ridder) [Wed 03 Dec 2014, 12:54 CET]:
Both of Google’s public DNS servers return complete results every time
and one of the two comcast ones works fine.
If this is working by design, can you provide the RFC with that
Hello!
But any other DNS type can be used for DNS amplification. RRL is the right
solution for the amplification issue. I recommend the NSD DNS server because
it's reliable and has complete support for DNSSEC, IPv6 and RRL.
On Wed, Dec 3, 2014 at 5:08 PM, Stephen Satchell l...@satchell.net wrote:
On 12/03/2014
So have A record queries. Do you filter those as well?
Jared Mauch
On Dec 3, 2014, at 9:08 AM, Stephen Satchell l...@satchell.net wrote:
On 12/03/2014 04:04 AM, Niels Bakker wrote:
* shortdudey...@gmail.com (Grant Ridder) [Wed 03 Dec 2014, 12:54 CET]:
Both of Google’s public DNS servers
No. When I've been victim of DNS amplification attacks, the packet
capture showed that the attacker used ANY queries. Legit ANY queries on
my recursive servers? Damn few. So I block. Not so on my
authoritative servers, where ANY queries on the domains I host zone
files for have not caused any
Shouldn't everyone be on IPv6 these days anyway ;)
On 12/3/2014 10:28 AM, Jared Mauch wrote:
So have A record queries. Do you filter those as well?
Jared Mauch
On Dec 3, 2014, at 9:08 AM, Stephen Satchell l...@satchell.net wrote:
On 12/03/2014 04:04 AM, Niels Bakker wrote:
*
On 12/3/14, 6:53 AM, Grant Ridder shortdudey...@gmail.com wrote:
Both of Google’s public DNS servers return complete results every time
and one of the two comcast ones works fine.
If this is working by design, can you provide the RFC with that info?
Comparing different resolvers often compares
Hi Everyone,
Thanks for the replies! After reading them, I am doing some digging into
DNS RFCs and haven't found much with respect to ANY queries. Not
responding with full results to protect against being used in an attack
makes sense. However, I find it odd that only 1 of the 4 anycast
On Dec 3, 2014, at 10:45 AM, Stephen Satchell l...@satchell.net wrote:
No. When I've been victim of DNS amplification attacks, the packet
capture showed that the attacker used ANY queries. Legit ANY queries on
my recursive servers? Damn few. So I block. Not so on my
authoritative
Did more digging and found the RFC regarding ANY queries:
3.2.3 - * 255 A request for all records
https://www.ietf.org/rfc/rfc1035.txt
However Wikipedia (http://en.wikipedia.org/wiki/List_of_DNS_record_types)
lists this as a request for All cached records instead of A request for
all records per
On 12/3/14 10:07 AM, Grant Ridder wrote:
Did more digging and found the RFC regarding ANY queries:
3.2.3 - * 255 A request for all records
https://www.ietf.org/rfc/rfc1035.txt
When listing URLs for RFCs it's better to use the tools site, as it
gives a much better experience:
On Wed, Dec 03, 2014 at 10:07:04AM -0800, Grant Ridder wrote:
Did more digging and found the RFC regarding ANY queries:
3.2.3 - * 255 A request for all records
https://www.ietf.org/rfc/rfc1035.txt
However Wikipedia (http://en.wikipedia.org/wiki/List_of_DNS_record_types)
lists this as a
It's also entirely possible that the behavior observed will change because
of testing. The more a test looks different from normal residential
traffic the more likely that it's going to be handled differently.
Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000
Ah, that makes sense. I am not going to worry about the inconsistency then.
Thanks to everyone that replied!!
-Grant
On Wed, Dec 3, 2014 at 10:30 AM, Doug Barton do...@dougbarton.us wrote:
On 12/3/14 10:07 AM, Grant Ridder wrote:
Did more digging and found the RFC regarding ANY queries:
DNS Cookies / SIT (DNS Cookies w/o the error code) will also deal
with forged traffic. It allows you to identify traffic from a
client that you have replied to in the past and to which you can
safely send a large response. It lets you sort the wheat from the
chaff.