[dns-operations] Software that refuses an answer by QTYPE if it comes over plain UDP?

Mark Andrews marka at isc.org
Tue Mar 15 01:20:33 UTC 2016

In message <56E75C41.1060304 at dougbarton.email>, Doug Barton writes:
> Interesting question came up today, and while I think the answer is 
> "No," I wanted to ask the smart kids. :)
> Are there any name servers in play today that will only answer for a 
> certain QTYPE if the query comes via either TCP, or UDP with cookies?

Not that I am aware of.
> And a related question, is anyone thinking of developing some?

A nameserver should *always* respond unless it can determine the
query is part of a attack.  QTYPE alone is never a indicator that
a query is part of attack.

Named will avoid rate limiting if there is a valid server cookie
in the query.

> Doug
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the dns-operations mailing list