nanog mailing list archives
Re: DNS noise
From: Nick Hilliard <nick () foobar org>
Date: Fri, 06 Apr 2012 19:04:41 +0100
On 06/04/2012 18:41, Nathan Eisenberg wrote:
> Anyone else seeing this sort of noise lately?
There has been a bit of that recently for ripe.net and several other well known DNSSEC enabled domains (e.g. isc.org). It turns out that DNSSEC makes a respectable traffic amplification vector:
twinkie# dig +ignore +notcp any ripe.net | grep rcvd
;; MSG SIZE rcvd: 490
twinkie#

The dns request packet size was 26 bytes. Add packet overhead to both the request and the reply, and you end up with:

request: 26 (data) + 8 (udp) + 20 (ip) + 18 (ethernet frame) + ipg (12) + 8 (preamble) = 92
reply: 490 (data) + 8 (udp) + 20 (ip) + 18 (ethernet frame) + ipg (12) + 8 (preamble) = 556

=> amplification on ethernet medium == 556/92, or slightly more than 6x.

Welcome back to the 1990s.

Nick
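The arithmetic in the message above, as an added example that is not part of the original post: it encodes the ANY question for a name to show where the 26-byte request size comes from, then applies the same per-packet overheads to get the on-wire ratio. The function names and the Ethernet minimum-payload padding are assumptions added here; nothing is sent on the network.

```python
import struct

# Per-packet overheads in bytes, as itemised in the message above.
UDP, IP, ETH_FRAME, IPG, PREAMBLE = 8, 20, 18, 12, 8
# Assumption added here (not in the post): Ethernet pads payloads below 46 bytes.
ETH_MIN_PAYLOAD = 46


def encode_qname(name):
    """Encode a domain name as length-prefixed DNS labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    out += b"\x00"
    if len(out) > 255:
        raise ValueError("encoded name exceeds 255 bytes")
    return out


def any_query(name, txid=0):
    """Build the DNS message for a plain (no EDNS) ANY/IN query."""
    # Header: id, flags (RD set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # Question: QNAME, QTYPE=255 (ANY), QCLASS=1 (IN).
    return header + encode_qname(name) + struct.pack("!HH", 255, 1)


def on_wire(dns_bytes):
    """Bytes of Ethernet medium time used by one UDP/IPv4 packet carrying dns_bytes."""
    payload = max(dns_bytes + UDP + IP, ETH_MIN_PAYLOAD)
    return payload + ETH_FRAME + IPG + PREAMBLE


def amplification(name, reply_bytes):
    """On-wire reply size divided by on-wire request size for an ANY query."""
    return on_wire(reply_bytes) / on_wire(len(any_query(name)))


if __name__ == "__main__":
    q = any_query("ripe.net")
    print("request:", len(q), "bytes DNS,", on_wire(len(q)), "on wire")
    print("reply:  490 bytes DNS,", on_wire(490), "on wire")
    print("amplification: %.2fx" % amplification("ripe.net", 490))
```

Feeding in the `MSG SIZE rcvd` value measured against your own authoritative zones shows which names are the most attractive reflectors.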