[dns-operations] Configurable TC=1?

Jared Mauch jared at puck.nether.net
Mon Dec 21 20:56:44 UTC 2015

On Sun, Dec 20, 2015 at 03:27:00PM +0100, Ralph Babel wrote:
> Ralf Weber wrote:
> > If we switch DNS to TCP there will be a huge cost
> > in implementing this, as TCP just doesn't scale
> > the way UDP does
> True; so is there a nameserver implementation that
> allows me to respond with a minimal TC=1 packet if ...
>   sizeof(UDP-response) > sizeof(UDP-query) * x + y
> ..., x and y being fully configurable, preferably
> on a per-address-range basis, maybe even dependent
> upon the query type?
> (not so much related to the "Storm on the DNS"
> issue but to DNS amplification attacks)

	RRL is closer to the 'right' solution, but
you could likely do something in this part of the BIND


	- Jared

Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
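As an added illustration of the check Ralph asks for, here is a Python sketch that is not code from this thread and not taken from BIND or any other nameserver. It keeps a policy table of x and y per address range, optionally restricted to certain query types, and when the would-be UDP answer is larger than sizeof(query) * x + y it returns a minimal TC=1 reply consisting of the header and the question only, so the client retries over TCP. The names (TcPolicy, apply_tc_policy), the sample policy table, and the constructed query and answer are assumptions made for the example; the parser only accepts a single uncompressed question, which is what a query carries.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import FrozenSet, Optional, Sequence, Union

DNS_HDR = struct.Struct("!HHHHHH")  # ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
FLAG_QR, FLAG_AA, FLAG_TC, FLAG_RD = 0x8000, 0x0400, 0x0200, 0x0100
OPCODE_MASK = 0x7800
QTYPE_ANY = 255
Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class TcPolicy:
    """Hypothetical config entry: truncate when len(response) > len(query) * x + y."""
    network: Network
    x: float
    y: int
    qtypes: Optional[FrozenSet[int]] = None  # None means every query type


def parse_question(query: bytes):
    """Return (offset just past the question, qtype, qclass) of a one-question query."""
    if len(query) < DNS_HDR.size:
        raise ValueError("packet shorter than DNS header")
    if DNS_HDR.unpack_from(query, 0)[2] != 1:
        raise ValueError("expected exactly one question")
    off = DNS_HDR.size
    while True:  # walk the QNAME labels up to the root label
        if off >= len(query):
            raise ValueError("QNAME runs past end of packet")
        length = query[off]
        if length == 0:
            off += 1
            break
        if length & 0xC0:
            raise ValueError("compression pointer not allowed in a query QNAME")
        off += 1 + length
    if off + 4 > len(query):
        raise ValueError("question truncated")
    qtype, qclass = struct.unpack_from("!HH", query, off)
    return off + 4, qtype, qclass


def minimal_tc_response(query: bytes) -> bytes:
    """Header plus question only; QR=1, TC=1, opcode and RD copied from the query."""
    qend, _, _ = parse_question(query)
    qid, flags = DNS_HDR.unpack_from(query, 0)[:2]
    rflags = FLAG_QR | FLAG_TC | (flags & (OPCODE_MASK | FLAG_RD))
    return DNS_HDR.pack(qid, rflags, 1, 0, 0, 0) + query[DNS_HDR.size:qend]


def select_policy(policies: Sequence[TcPolicy], client_ip: str, qtype: int) -> Optional[TcPolicy]:
    """First match wins, so list specific ranges before the catch-alls."""
    ip = ipaddress.ip_address(client_ip)
    for p in policies:
        if ip in p.network and (p.qtypes is None or qtype in p.qtypes):
            return p
    return None


def apply_tc_policy(query: bytes, response: bytes, client_ip: str, policies: Sequence[TcPolicy]) -> bytes:
    """Return the full response, or a minimal TC=1 reply if it exceeds the client's threshold."""
    _, qtype, _ = parse_question(query)
    policy = select_policy(policies, client_ip, qtype)
    if policy is None or len(response) <= len(query) * policy.x + policy.y:
        return response
    return minimal_tc_response(query)


def is_truncated(pkt: bytes) -> bool:
    return bool(DNS_HDR.unpack_from(pkt, 0)[1] & FLAG_TC)


# Constructed sample data (not captured traffic): a query builder and a fake authoritative answer.
def encode_name(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int, qid: int) -> bytes:
    return DNS_HDR.pack(qid, FLAG_RD, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_response(query: bytes, n_answers: int) -> bytes:
    """Authoritative answer carrying n_answers identical A records (16 bytes each, name compressed)."""
    qend, _, _ = parse_question(query)
    qid, flags = DNS_HDR.unpack_from(query, 0)[:2]
    rr = struct.pack("!HHHIH4s", 0xC00C, 1, 1, 300, 4, bytes([192, 0, 2, 1]))
    return (DNS_HDR.pack(qid, FLAG_QR | FLAG_AA | (flags & FLAG_RD), 1, n_answers, 0, 0)
            + query[DNS_HDR.size:qend] + rr * n_answers)


POLICIES = (  # assumed configuration: own resolvers effectively exempt, ANY tightest, rest looser
    TcPolicy(ipaddress.ip_network("192.0.2.0/24"), x=100, y=0),
    TcPolicy(ipaddress.ip_network("0.0.0.0/0"), x=3, y=100, qtypes=frozenset({QTYPE_ANY})),
    TcPolicy(ipaddress.ip_network("::/0"), x=3, y=100, qtypes=frozenset({QTYPE_ANY})),
    TcPolicy(ipaddress.ip_network("0.0.0.0/0"), x=10, y=200),
    TcPolicy(ipaddress.ip_network("::/0"), x=10, y=200),
)

if __name__ == "__main__":
    q = build_query("example.net", QTYPE_ANY, 0x1234)  # 29-byte ANY query
    big = build_response(q, 100)                       # 1629-byte answer
    for client in ("198.51.100.7", "192.0.2.5"):
        out = apply_tc_policy(q, big, client, POLICIES)
        print(client, len(q), "->", len(out), "TC" if is_truncated(out) else "full")
```

Two caveats a practitioner would want: the minimal reply echoes only the question, so its amplification factor is about 1 and it carries no OPT record, and every legitimate resolver that trips the threshold now retries over TCP, which is exactly the TCP cost Ralf mentions, just confined to large answers. That is also why RRL, which Jared points to, is the more usual answer: it rate-limits identical answers to a source range and only sends the occasional TC=1 "slip", instead of applying a size ratio to every response.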
