[dns-operations] Force TCP for external quereis to Open Resolvers?

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Apr 1 15:07:45 UTC 2013

On Sun, Mar 31, 2013 at 12:54:23PM -0400,
 Paul Wouters <paul at nohats.ca> wrote 
 a message of 34 lines which said:

> Not true. unbound allows you to only accept clients using TCP.

Ah, thanks, I should read the documentation more closely.

OK, I've set up an open resolver (best effort only) with this
configuration at / 2001:4b98:dc0:47:216:3eff:fe1b:4672.
Does anyone see a security issue with such TCP-only open resolvers?

Xun Fan, do you think such TCP-only open resolvers, alone, or together
with DNS looking glasses <http://www.bortzmeyer.org/dns-lg.html> could
be sufficient for researchers?

More information about the dns-operations mailing list