[dns-operations] Always replying to UDP requests with TC=1, good practice or not
Paul Vixie
paul at redbarn.org
Sun Oct 18 16:39:47 UTC 2015
On Sunday, October 18, 2015 17:33:41 Stephane Bortzmeyer wrote:
> I had issues with the domain kura.io, since the name servers always
> reply with TC=0 (on IPv4; their IPv6 behaviour is more
> common). ...
i think you mean TC=1.
this supposed anti-ddos behaviour is, i heard from somewhere, patented. at
least, there's a variant where the first UDP query get TC=1 and only after the
client demonstrates that they heard your TC=1 and properly followed up with a
TCP transaction, is UDP answered normally. that variant is, i think, patented.
--
Paul
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20151018/4bd19f3c/attachment.sig>
More information about the dns-operations
mailing list