[dns-operations] Configurable TC=1?

Ralph Babel rbabel at babylon.pfm-mainz.de
Mon Dec 21 04:32:00 UTC 2015


Mukund Sivaraman wrote:

> Ralph Babel wrote:
>
>> is there a nameserver implementation that allows
>> me to respond with a minimal TC=1 packet if ...
>>
>>   sizeof(UDP-response) > sizeof(UDP-query) * x + y
>>
>> ..., x and y being fully configurable, preferably
>> on a per-address-range basis, maybe even dependent
>> upon the query type?
>
> What is possible from having a nameserver
> that supports this arithmetic?

You could make amplification attacks unattractive
by no longer amplifying anything (or by keeping the
possible amplification factor sufficiently small).

> Some nameservers implement an absolute maximum
> message size limit setting [...] that is sufficient
> if one wants to truncate UDP responses above a limit.

Truncating at a fixed upper bound doesn't help, as BPS
amplification obviously depends on the query size as well.
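As an added illustration (not code from any nameserver, and not part of the original mailing-list thread), the rule Ralph asks for can be expressed directly: compare the would-be UDP response size against `sizeof(query) * x + y`, look up `x` and `y` per source address range, and, when the bound is exceeded, answer with a minimal TC=1 packet that carries only the header and the echoed question so the client retries over TCP. The policy table, the addresses, and the `build_query` helper are constructed for this example; the stand-in "full response" is just padding, since only its length matters to the rule.

```python
import ipaddress
import struct

# Constructed per-address-range policy: (network, x, y). First match wins.
# Respond with a minimal TC=1 packet when len(response) > len(query) * x + y.
POLICY = [
    (ipaddress.ip_network("192.0.2.0/24"), 1.0, 0),   # example range: never send more bytes than received
    (ipaddress.ip_network("0.0.0.0/0"), 2.0, 100),    # example default: small, bounded amplification only
]


def lookup_policy(src_ip, policy=POLICY):
    """Return the (x, y) pair of the first network containing src_ip, or None."""
    addr = ipaddress.ip_address(src_ip)
    for net, x, y in policy:
        if addr.version == net.version and addr in net:
            return x, y
    return None


def should_truncate(query_len, response_len, x, y):
    """The rule from the thread: sizeof(UDP-response) > sizeof(UDP-query) * x + y."""
    return response_len > query_len * x + y


def question_end(query):
    """Offset just past the question section of a wire-format DNS message."""
    qdcount = struct.unpack("!H", query[4:6])[0]
    off = 12
    for _ in range(qdcount):
        while True:
            if off >= len(query):
                raise ValueError("truncated question section")
            length = query[off]
            if length == 0:            # root label terminates the name
                off += 1
                break
            if length & 0xC0:          # compression pointer: two bytes, terminates the name
                off += 2
                break
            off += 1 + length
        off += 4                       # QTYPE + QCLASS
    if off > len(query):
        raise ValueError("truncated question section")
    return off


def minimal_tc_response(query):
    """Header plus the echoed question only, with QR=1 and TC=1 set, all counts zero."""
    if len(query) < 12:
        raise ValueError("short DNS header")
    ident, flags, qdcount = struct.unpack("!HHH", query[:6])
    end = question_end(query)
    # keep OPCODE (0x7800) and RD (0x0100) from the query; set QR (0x8000) and TC (0x0200)
    new_flags = 0x8000 | (flags & 0x7800) | 0x0200 | (flags & 0x0100)
    header = struct.pack("!HHHHHH", ident, new_flags, qdcount, 0, 0, 0)
    return header + query[12:end]


def respond(src_ip, query, full_response):
    """Apply the policy: return the full response or a minimal TC=1 reply."""
    pol = lookup_policy(src_ip)
    if pol is not None and should_truncate(len(query), len(full_response), *pol):
        return minimal_tc_response(query)
    return full_response


def response_flags(msg):
    """Flags word of a wire-format DNS message (for inspecting QR/TC bits)."""
    return struct.unpack("!H", msg[2:4])[0]


def build_query(name, qtype, ident=0x1234):
    """Constructed helper: wire-format query with RD=1 for name/qtype, class IN."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", ident, 0x0100, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


if __name__ == "__main__":
    q = build_query("example.com", 255)          # 29-byte ANY query
    big = q + b"\x00" * 500                      # constructed stand-in for a 529-byte answer
    r = respond("198.51.100.7", q, big)
    print(len(q), len(big), len(r), hex(response_flags(r)))
```

With the constructed default policy (x=2, y=100) a 29-byte query may receive at most 158 bytes over UDP; the 529-byte stand-in answer is replaced by a 29-byte TC=1 reply, i.e. an amplification factor of 1. The per-range entry for 192.0.2.0/24 (x=1, y=0) truncates anything larger than the query itself. Note that the truncation decision is per query, which is exactly what distinguishes it from a fixed maximum message size.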
