1. 15

  2. 7

    Next question: How many responses are clients actually willing to look at?

    Coincidentally, the limit on OpenBSD until very recently was 16. More than that, and the resolver would return “none” instead. That was a regression, since the previous limit had been 35 for a long time, and so it was restored. And the failure mode was changed from returning an error to truncating. But if you were hoping to assign 42 aliases to a host and have a single query round robin between all of them, you’re still out of luck.

    1. 4

      My tests using nslookup on Ubuntu gave me all 4095 IP addresses. I also tested an application that used standard DNS libraries and found it got all 4095 queries, but it caused the app to hang for half a minute as it wasn’t prepared to handle so many responses. I bet someone, somewhere, hardcoded a buffer size to the max IPs returned in a 512-byte UDP packet. =)

      BIND, interestingly, would rotate the IP addresses sent if you assigned more than the max addresses to a domain name. The first query would be 1..4095 addresses, the next query would be 3..4098 and so on (I didn’t write down the exact numbers in my notes so actual values may vary slightly). Give BIND a zone file with 16,000 IP addresses mapped to the same domain name and see what happens.

      1. 6

        Made me try it.

        First attempt with nslookup worked, but returned truncated results because my local unbound cache doesn’t permit TCP connections. That was by accident, but I doubt I’m alone, so it’s probably not a good idea to publish records that don’t fit in UDP packets for anything serious.

        Changing resolvers to the BIND server, nslookup returned everything. traceroute printed a warning about many addresses, but ping didn’t like it at all.

        ping: unknown host: many
        

        That’s the error I alluded to earlier. Now I have to go see why traceroute and ping are different. I would have assumed they’d be about the same.

        1. 4

          ping: unknown host: many

          This is both hilariously evocative and totally useless if you don’t already know what’s going on. =)

          1. 4

            I think I’ve found my new favorite way to prevent people from pinging my hosts!
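
As an added example (not code from any of the posts above), this sketch shows why a large A record set stops fitting in a classic 512-byte UDP reply and what a client then sees in the header. It assumes no EDNS, one compression pointer per answer, and a server that includes the answers that fit and sets the TC bit; the name `many.example.com` and the 10.0.x.x addresses are constructed sample data.

```python
import struct

TC_BIT = 0x0200  # "truncated" flag in the DNS header


def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_a_response(name, addrs, limit=512, txid=0x1234):
    """Build an A response, keeping only the answers that fit within `limit`."""
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    size = 12 + len(question)  # fixed 12-byte header plus the question
    answers = []
    for addr in addrs:
        # 0xC00C points back at the name in the question (offset 12),
        # so every A record costs exactly 16 bytes on the wire.
        rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4)
        rr += bytes(int(octet) for octet in addr.split("."))
        if size + len(rr) > limit:
            break
        answers.append(rr)
        size += len(rr)
    truncated = len(answers) < len(addrs)
    flags = 0x8400 | (TC_BIT if truncated else 0)  # QR + AA, plus TC if cut
    header = struct.pack("!HHHHHH", txid, flags, 1, len(answers), 0, 0)
    return header + question + b"".join(answers)


def inspect(wire: bytes) -> dict:
    """Read back what a client learns from the header of a reply."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", wire[:12])
    return {"size": len(wire), "answers": ancount, "tc": bool(flags & TC_BIT)}


def sample_addrs(n: int) -> list:
    """Constructed sample addresses: 10.0.0.0, 10.0.0.1, ..."""
    return [f"10.0.{i // 256}.{i % 256}" for i in range(n)]


if __name__ == "__main__":
    for count in (16, 42):
        print(count, inspect(build_a_response("many.example.com", sample_addrs(count))))
```

A reply with the TC bit set tells the client to retry over TCP, so a resolver path that blocks TCP leaves the client with only the partial set.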