[dns-operations] Software that refuses an answer by QTYPE if it comes over plain UDP?
Mark Andrews
marka at isc.org
Tue Mar 15 01:20:33 UTC 2016
In message <56E75C41.1060304 at dougbarton.email>, Doug Barton writes:
> Interesting question came up today, and while I think the answer is
> "No," I wanted to ask the smart kids. :)
>
> Are there any name servers in play today that will only answer for a
> certain QTYPE if the query comes via either TCP, or UDP with cookies?
Not that I am aware of.
> And a related question, is anyone thinking of developing some?
A nameserver should *always* respond unless it can determine the
query is part of an attack. QTYPE alone is never an indicator that
a query is part of an attack.
Named will avoid rate limiting if there is a valid server cookie
in the query.
> Doug
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org