[dns-operations] Configurable TC=1?
jared at puck.nether.net
Mon Dec 21 20:56:44 UTC 2015
On Sun, Dec 20, 2015 at 03:27:00PM +0100, Ralph Babel wrote:
> Ralf Weber wrote:
> > If we switch DNS to TCP there will be a huge cost
> > in implementing this, as TCP just doesn't scale
> > the way UDP does
> True; so is there a nameserver implementation that
> allows me to respond with a minimal TC=1 packet if ...
> sizeof(UDP-response) > sizeof(UDP-query) * x + y
> ..., x and y being fully configurable, preferably
> on a per-address-range basis, maybe even dependent
> upon the query type?
> (not so much related to the "Storm on the DNS"
> issue but to DNS amplification attacks)
RRL is closer to the 'right' solution, but
you could likely do something in this part of the BIND
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
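The size-ratio check Ralph asks for, as an added worked example that is not from this thread, from BIND or from any RRL implementation: a per-address-range policy that decides when a UDP query gets only a minimal TC=1 reply (so the client retries over TCP), plus the construction of that minimal reply. The rule table and the query are constructed samples; expressing the knob as (x, y) per network with an optional per-qtype override is an assumption about how such a feature might be configured.

```python
import ipaddress
import struct

# Constructed sample policy (not a real deployment): (network, x, y, per-qtype
# overrides).  A response is truncated when response_len > query_len * x + y.
RULES = [
    (ipaddress.ip_network("0.0.0.0/0"), 3.0, 64, {}),                     # default
    (ipaddress.ip_network("192.0.2.0/24"), 10.0, 512, {}),                # trusted range
    (ipaddress.ip_network("198.51.100.0/24"), 2.0, 0, {"ANY": (1.0, 0)}),  # strict range
]

def pick_rule(rules, client_ip):
    """Longest-prefix match of the client address against the rule table."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for rule in rules:
        net = rule[0]
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = rule
    return best

def should_truncate(rules, client_ip, qtype, query_len, response_len):
    """Ralph's test: response larger than query * x + y -> answer with TC=1."""
    rule = pick_rule(rules, client_ip)
    if rule is None:           # no policy for this address family: answer normally
        return False
    _, x, y, overrides = rule
    x, y = overrides.get(qtype, (x, y))
    return response_len > query_len * x + y

def build_query(name, qtype_code, qid=0x1234):
    """Constructed RD=1 query with a single question (demo input only)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", qtype_code, 1)

def minimal_tc_response(query):
    """Smallest valid TC=1 reply: same ID, the original question, nothing else."""
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos = 12
    while query[pos] != 0:     # walk the QNAME labels (queries carry no compression)
        pos += query[pos] + 1
    pos += 1 + 4               # root label, QTYPE, QCLASS
    new_flags = 0x8000 | 0x0200 | (flags & 0x7900)   # QR, TC; keep OPCODE and RD
    return struct.pack("!HHHHHH", qid, new_flags, 1, 0, 0, 0) + query[12:pos]
```

With the default rule a 29-byte query tolerates a 151-byte answer before truncation; the strict range caps ANY at an amplification factor of 1.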