[dns-operations] Software that refuses an answer by QTYPE if it comes over plain UDP?

Doug Barton dougb at dougbarton.email
Tue Mar 15 01:41:33 UTC 2016


On 03/14/2016 06:20 PM, Mark Andrews wrote:
> In message <56E75C41.1060304 at dougbarton.email>, Doug Barton writes:
>> Interesting question came up today, and while I think the answer is
>> "No," I wanted to ask the smart kids. :)
>>
>> Are there any name servers in play today that will only answer for a
>> certain QTYPE if the query comes via either TCP, or UDP with cookies?
>
> Not that I am aware of.
>
>> And a related question, is anyone thinking of developing some?
>
> A nameserver should *always* respond unless it can determine the
> query is part of an attack.  QTYPE alone is never an indicator that
> a query is part of an attack.
>
> Named will avoid rate limiting if there is a valid server cookie
> in the query.

Thanks Mark, this is just what I was looking for. :)

Doug
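
The policy described in the quoted reply (exempt a query from rate limiting only when it carries a valid server cookie, whatever its QTYPE) can be sketched as below. This is an added example, not part of the original thread and not BIND's code. The function names, the secret and the HMAC-based server cookie construction are assumptions made for the demo; only the COOKIE option code and the length limits come from RFC 7873.

```python
import hmac, hashlib, struct

SECRET = b"constructed-demo-secret"   # constructed value, not a real key
COOKIE_OPT, OPT_RR = 10, 41           # EDNS COOKIE option code, OPT RR type

def make_server_cookie(client_cookie, client_ip, secret=SECRET):
    # Assumed construction for this demo: truncated HMAC over client cookie + IP.
    mac = hmac.new(secret, client_cookie + client_ip.encode(), hashlib.sha256)
    return mac.digest()[:8]

def build_query(qname, qtype, cookie=b""):
    # Header: id, flags (RD), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1
    msg = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1)
    for label in qname.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode()
    msg += b"\x00" + struct.pack("!2H", qtype, 1)
    rdata = struct.pack("!2H", COOKIE_OPT, len(cookie)) + cookie if cookie else b""
    # OPT RR: root owner name, type 41, class = UDP payload size, ttl, rdlength
    return msg + b"\x00" + struct.pack("!HHIH", OPT_RR, 1232, 0, len(rdata)) + rdata

def extract_cookie(msg):
    # Assumes a query with exactly one question and no name compression.
    arcount = struct.unpack("!H", msg[10:12])[0]
    pos = 12
    while msg[pos]:                    # skip QNAME labels
        pos += 1 + msg[pos]
    pos += 5                           # root label + QTYPE + QCLASS
    for _ in range(arcount):
        if msg[pos] != 0:
            return None                # non-root owner name: not handled here
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos + 1:pos + 11])
        rdata, pos = msg[pos + 11:pos + 11 + rdlen], pos + 11 + rdlen
        while rtype == OPT_RR and len(rdata) >= 4:
            code, olen = struct.unpack("!2H", rdata[:4])
            if code == COOKIE_OPT:
                return rdata[4:4 + olen]
            rdata = rdata[4 + olen:]
    return None

def exempt_from_rate_limit(msg, client_ip, secret=SECRET):
    # QTYPE is never consulted: only the cookie decides the exemption.
    try:
        cookie = extract_cookie(msg)
    except (IndexError, struct.error):
        return False                   # truncated or malformed query
    if cookie is None or not 16 <= len(cookie) <= 40:
        return False                   # no cookie, or client cookie only
    client, server = cookie[:8], cookie[8:]
    return hmac.compare_digest(server, make_server_cookie(client, client_ip, secret))
```

A query that is not exempt is still answered; it simply remains subject to the normal rate-limit accounting.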