[dns-operations] Always replying to UDP requests with TC=1, good practice or not

Paul Vixie paul at redbarn.org
Sun Oct 18 16:39:47 UTC 2015


On Sunday, October 18, 2015 17:33:41 Stephane Bortzmeyer wrote:
> I had issues with the domain kura.io, since the name servers always
> reply with TC=0 (on IPv4; their IPv6 behaviour is more
> common). ...

i think you mean TC=1.

this supposed anti-ddos behaviour is, i heard from somewhere, patented. at 
least, there's a variant where the first UDP query gets TC=1 and only after the 
client demonstrates that they heard your TC=1 and properly followed up with a 
TCP transaction, is UDP answered normally. that variant is, i think, patented.

-- 
Paul
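
The variant described in the message above, modelled as an added example (not part of the original post and not any vendor's implementation). The class and function names, the sample addresses and the absence of any expiry on the verified set are assumptions made for illustration.

```python
import struct

QR_FLAG = 0x8000  # response bit in the DNS header flags word
TC_FLAG = 0x0200  # truncation bit (RFC 1035, section 4.1.1)

def build_query(qid, name, qtype=1):
    """Minimal DNS query: 12-byte header (RD set) plus one IN question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def truncated_reply(query):
    """Echo the question with QR=1 and TC=1 and no records.
    The reply is exactly as long as the query, so it amplifies nothing."""
    qid, flags = struct.unpack("!HH", query[:4])
    header = struct.pack("!HHHHHH", qid, flags | QR_FLAG | TC_FLAG, 1, 0, 0, 0)
    return header + query[12:]

def is_truncated(message):
    """True when the TC bit is set in a raw DNS message."""
    if len(message) < 12:
        raise ValueError("shorter than a DNS header")
    return bool(struct.unpack("!H", message[2:4])[0] & TC_FLAG)

class TcFirstResponder:
    """Hypothetical model: UDP is answered normally only for sources
    that have already completed a query over TCP."""
    def __init__(self):
        self.verified = set()  # assumption: entries never expire in this sketch

    def handle(self, client_ip, transport):
        if transport == "tcp":
            # A completed TCP exchange shows the source address is not spoofed.
            self.verified.add(client_ip)
            return "answer"
        return "answer" if client_ip in self.verified else "tc"

def simulate():
    """Constructed sequence: one client that retries over TCP, and one
    source that only ever sends UDP (as a spoofed address would)."""
    server = TcFirstResponder()
    steps = [("192.0.2.10", "udp"), ("192.0.2.10", "tcp"),
             ("192.0.2.10", "udp"), ("198.51.100.7", "udp")]
    return [server.handle(ip, transport) for ip, transport in steps]

if __name__ == "__main__":
    print(simulate())
```

A resolver probing a name server can apply is_truncated() to each UDP reply: TC=1 on every UDP reply, with no change after a TCP follow-up, is the always-truncate behaviour from the thread subject rather than this variant.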