[dns-operations] [ratelimits] bind force qtype=ANY to TCP
Jared Mauch
jared at puck.nether.net
Thu May 16 00:17:15 UTC 2013
On May 15, 2013, at 8:03 PM, Vernon Schryver <vjs at rhyolite.com> wrote:
> I think the patch has a false negative rate of approximately 100%.
> To check whether I am wrong again, I set up a test server and tried
> two `dig +ignore isc.org any` commands. The first got a TC=1 error
> response as expected. The second command got 3500 bytes of RRs via
> UDP. I expect (but haven't tested) that all subsequent queries get
> normal responses until all of the TTLs expire.
Heh, you're right. I'll have to tweak where that code happens…
puck:~$ dig any nothing.cnn.com. @204.42.254.5
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.9.3-rl.131.14rc2 <<>> any nothing.cnn.com. @204.42.254.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33076
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nothing.cnn.com. IN ANY
;; AUTHORITY SECTION:
cnn.com. 3600 IN SOA ns1.timewarner.net. hostmaster.turner.com. 2013051301 28800 7200 604800 3600
;; Query time: 1 msec
;; SERVER: 204.42.254.5#53(204.42.254.5)
;; WHEN: Wed May 15 20:16:00 EDT 2013
;; MSG SIZE rcvd: 116
puck:~$ dig any nothing.cnn.com. @204.42.254.5
; <<>> DiG 9.9.3-rl.131.14rc2 <<>> any nothing.cnn.com. @204.42.254.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34337
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nothing.cnn.com. IN ANY
;; AUTHORITY SECTION:
cnn.com. 3593 IN SOA ns1.timewarner.net. hostmaster.turner.com. 2013051301 28800 7200 604800 3600
;; Query time: 1 msec
;; SERVER: 204.42.254.5#53(204.42.254.5)
;; WHEN: Wed May 15 20:16:07 EDT 2013
;; MSG SIZE rcvd: 116
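Added example, not part of the original message or of the patch under discussion: a regression check for the cache-hit false negative reported above, which flags any UDP response to a qtype=ANY question that is not both TC=1 and empty of answers. The function names, the example.org name and the two sample responses are constructed for illustration; real input would be the raw UDP replies captured while repeating the same ANY query without TCP retry.

```python
import struct

QTYPE_ANY, FLAG_QR, FLAG_TC = 255, 0x8000, 0x0200

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_message(name, qtype, flags, answers=()):
    """Build a DNS message with one question and pre-encoded answer RRs."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    return header + question + b"".join(answers)

def parse_header_question(msg):
    """Return (flags, ancount, qtype) from a DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos = 12
    while msg[pos] != 0:            # walk the uncompressed QNAME labels
        if msg[pos] & 0xC0:
            raise ValueError("compressed QNAME not expected in question")
        pos += 1 + msg[pos]
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return flags, ancount, qtype

def udp_any_violations(udp_responses):
    """Indexes of UDP responses to ANY that were not truncated-and-empty."""
    bad = []
    for i, msg in enumerate(udp_responses):
        flags, ancount, qtype = parse_header_question(msg)
        if not flags & FLAG_QR or qtype != QTYPE_ANY:
            continue                # not a response to an ANY question
        if not flags & FLAG_TC or ancount != 0:
            bad.append(i)
    return bad

# Constructed sample mirroring the sequence reported above: the first
# (cache-miss) reply is TC=1, the second (cache-hit) reply carries data.
A_RR = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1])
COLD = build_message("example.org.", QTYPE_ANY, FLAG_QR | FLAG_TC | 0x0180)
WARM = build_message("example.org.", QTYPE_ANY, FLAG_QR | 0x0180, [A_RR])
```

A patch that forces ANY to TCP on every query, cached or not, yields an empty list from `udp_any_violations`; the constructed pair yields the index of the warm-cache reply.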