[dns-operations] Software that refuses an answer by QTYPE if it comes over plain UDP?

Andrew Sullivan ajs at anvilwalrusden.com
Tue Mar 15 04:53:05 UTC 2016

On Tue, Mar 15, 2016 at 12:20:33PM +1100, Mark Andrews wrote:
> A nameserver should *always* respond unless it can determine the
> query is part of a attack.  QTYPE alone is never a indicator that
> a query is part of attack.

Wow.  Universal quantification is a dangerous tool.

It seems at least possible to me that QTYPE is not an indicator of
part of an attack of all in-principle systems.  Whether it is a type
of attack at any given server is, IMO, not something that admits of
quantifiers like "never".

Best regards,


Andrew Sullivan
ajs at anvilwalrusden.com

More information about the dns-operations mailing list