[dns-operations] Software that refuses an answer by QTYPE if it comes over plain UDP?
Andrew Sullivan
ajs at anvilwalrusden.com
Tue Mar 15 04:53:05 UTC 2016
On Tue, Mar 15, 2016 at 12:20:33PM +1100, Mark Andrews wrote:
> A nameserver should *always* respond unless it can determine the
> query is part of an attack. QTYPE alone is never an indicator that
> a query is part of an attack.
Wow. Universal quantification is a dangerous tool.
It seems at least possible to me that QTYPE is not an indicator of
part of an attack of all in-principle systems. Whether it is a type
of attack at any given server is, IMO, not something that admits of
quantifiers like "never".
Best regards,
A
--
Andrew Sullivan
ajs at anvilwalrusden.com