Odd DNS responses for www.neopets.com

Maybe it's just me, but isn't there something odd about a DNS query
coming back with 78 entries for the same host? It sends back a UDP
packet that gets truncated and the DNS resolver reverts to TCP to get
the full list.

It seems to cause problems with Windows clients and/or Windows DNS
servers. Seems like overkill.

Here is a dig on www.neopets.com:

;; Truncated, retrying in TCP mode.

; <<>> DiG 9.2.1 <<>> www.neopets.com @ns2.neopets.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34814
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 78, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.neopets.com. IN A

;; ANSWER SECTION:
www.neopets.com. 1582 IN A 198.172.122.97
www.neopets.com. 1582 IN A 198.172.122.98
www.neopets.com. 1582 IN A 198.172.122.101
... many lines deleted ...
www.neopets.com. 1582 IN A 198.172.122.194
www.neopets.com. 1582 IN A 198.172.122.196
www.neopets.com. 1582 IN A 198.172.122.197

;; AUTHORITY SECTION:
neopets.com. 2434 IN NS ns1.neopets.com.
neopets.com. 2434 IN NS ns2.neopets.com.

;; Query time: 53 msec
;; SERVER: 198.172.121.14#53(ns2.neopets.com)
;; WHEN: Wed Feb 5 16:42:45 2003
;; MSG SIZE rcvd: 1349

> Maybe it's just me, but isn't there something odd about a DNS query
> coming back with 78 entries for the same host? It sends back a UDP
> packet that gets truncated and the DNS resolver reverts to TCP to get
> the full list.

This is often used for server pools (as I'm guessing you know).

> It seems to cause problems with Windows clients and/or Windows DNS
> servers. Seems like overkill.

The 78 addresses listed here are all in one bit of a /24. In the cases I've
seen, there are a few servers listed in several different locations,
network- (and location-) wise. I agree that this looks really weird. Perhaps
they use it as a cheap load balancer?

Cheers,

Alex Lambert
alambert@quickfire.org

> > Maybe it's just me, but isn't there something odd about a DNS query
> > coming back with 78 entries for the same host? It sends back a UDP
> > packet that gets truncated and the DNS resolver reverts to TCP to get
> > the full list.
>
> This is often used for server pools (as I'm guessing you know).
>
> > It seems to cause problems with Windows clients and/or Windows DNS
> > servers. Seems like overkill.
>
> The 78 addresses listed here are all in one bit of a /24. In the cases I've
> seen, there are a few servers listed in several different locations,
> network- (and location-) wise. I agree that this looks really weird. Perhaps
> they use it as a cheap load balancer?

Perhaps they use it to pad their IP allocations??

DJ

When I worked for NeoPets in the summer of 2000 they had a server farm about
that size. It was behind a NetFoundry (I think) Load Balancer at the time.
Perhaps their load balancer died and they had to get back up in a hurry.

Thanks,

Adam "Tauvix" Debus
Linux Certified Professional, Linux Certified Administrator #447641
Network Administrator, ReachONE Internet
adam@reachone.com

> Maybe it's just me, but isn't there something odd about a DNS query
> coming back with 78 entries for the same host? It sends back a UDP
> packet that gets truncated and the DNS resolver reverts to TCP to get
> the full list.

It is not necessarily odd. Network management applications such as OpenView
work best if the DNS lookup for a router returns all the addresses
configured on the router. The UDP packet can overflow and be truncated with
22 entries.

> It seems to cause problems with Windows clients and/or Windows DNS
> servers. Seems like overkill.

I feel your pain because I use a DNS module in my scripts that craps out
when it sees one of these truncated packets, but then the problem is with
the client and not DNS. It is too bad that the DNS packet size can't be
increased to 1500B.

David Russell
ThruPoint, Inc
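
The truncation discussed in this thread, as an added example that is not part of any poster's message: it rebuilds a reply with the same record counts as the dig output (78 A, 2 NS, 2 glue A) using RFC 1035 name compression, which comes to the 1349 bytes dig reported, and shows the header check a client needs so that a truncated UDP reply triggers a TCP retry instead of a failure. The record addresses, the glue records and all function names are constructed for illustration.

```python
import struct

UDP_LIMIT = 512   # classic DNS-over-UDP message limit (RFC 1035)
TC_BIT = 0x0200   # "truncated" flag in the header flags word

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def rr(owner, rtype, ttl, rdata):
    return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def pointer(offset):
    return struct.pack("!H", 0xC000 | offset)   # RFC 1035 name compression

def build_response(name, n_a, n_ns=2, msg_id=34814):
    """Constructed reply shaped like the dig output (addresses are made up)."""
    body = encode_name(name) + struct.pack("!HH", 1, 1)      # question: IN A
    host = pointer(12)                                       # -> QNAME
    zone = pointer(12 + 1 + len(name.split(".")[0]))         # -> parent zone
    for i in range(n_a):                                     # ANSWER: A records
        body += rr(host, 1, 1582, bytes([198, 172, 122, 1 + i]))
    ns_at = []
    for i in range(n_ns):                                    # AUTHORITY: NS records
        ns_at.append(12 + len(body) + 12)                    # offset of this NS rdata
        body += rr(zone, 2, 2434, b"\x03ns%d" % (i + 1) + zone)
    for i, off in enumerate(ns_at):                          # ADDITIONAL: glue A records
        body += rr(pointer(off), 1, 2434, bytes([198, 172, 121, 13 + i]))
    header = struct.pack("!6H", msg_id, 0x8580, 1, n_a, n_ns, n_ns)  # qr aa rd ra
    return header + body

def udp_view(full):
    """What a server can send over UDP: here header + question only, TC set."""
    if len(full) <= UDP_LIMIT:
        return full
    msg_id, flags = struct.unpack("!HH", full[:4])
    qlen = full.index(b"\x00", 12) + 1 + 4 - 12              # QNAME + type + class
    return struct.pack("!6H", msg_id, flags | TC_BIT, 1, 0, 0, 0) + full[12:12 + qlen]

def needs_tcp_retry(udp_payload):
    """Client side: TC set means re-query over TCP, not a parse error."""
    if len(udp_payload) < 12:
        raise ValueError("short DNS header")
    return bool(struct.unpack("!H", udp_payload[2:4])[0] & TC_BIT)

if __name__ == "__main__":
    full = build_response("www.neopets.com", 78)
    print(len(full), len(udp_view(full)), needs_tcp_retry(udp_view(full)))
```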

> Maybe it's just me, but isn't there something odd about a DNS query
> coming back with 78 entries for the same host? It sends back a UDP
> packet that gets truncated and the DNS resolver reverts to TCP to get
> the full list.

> It seems to cause problems with Windows clients and/or Windows DNS
> servers. Seems like overkill.

neopets.com has been blatantly and furiously attempting to spam me for
several months: http://mrtg.snark.net/nullstats.cgi

If they lack the sense to stop trying to relay to a host that does not
even ACK their SYNs after several thousand tries, I suspect their
proficiency at configuring rfc-compliant DNS might be lacking as well.

Shockingly, emails to abuse@verio have been incredibly useless.

matto

--mghali@snark.net------------------------------------------<darwin><
   Flowers on the razor wire/I know you're here/We are few/And far
   between/I was thinking about her skin/Love is a many splintered
   thing/Don't be afraid now/Just walk on in. #include <disclaim.h>

> The 78 addresses listed here are all in one bit of a /24. In the cases I've
> seen, there are a few servers listed in several different locations,
> network- (and location-) wise. I agree that this looks really weird. Perhaps
> they use it as a cheap load balancer?

For your routing convenience:

matt@pants:~$ mysql -e 'select network, mask, owner from routes where
owner="NeoPets";' spam

Just out of interest, what RFC do you think has been violated in this case?

> Just out of interest, what RFC do you think has been violated in this
> case?

I haven't chosen to delve into debugging the "Odd DNS responses for
www.neopets.com" myself- I have no personal interest in any sort of
connectivity with them. I was simply operating off the information in
the Subject line of the original email.

matto
