[dns-operations] Software that refuses an answer by QTYPE if it comes over plain UDP?

Warren Kumari warren at kumari.net
Tue Mar 15 06:50:20 UTC 2016


On Tue, Mar 15, 2016 at 2:16 PM Kumar Ashutosh <Kumar.Ashutosh at microsoft.com>
wrote:

> Hi Doug
> The answer is "YES"
> Please check out Windows DNS Server Policies {
> https://technet.microsoft.com/en-us/library/mt169379.aspx }
>
> You can create DNS policies to control how a DNS Server handles queries
> based on different parameters { or a combination of the parameters }.
>
>
Whoa. That's kinda sexy. Thanks.

You can also to something similar (and / or shoot yourself in the foot, you
have much power) using PowerDNS and Lua. See
https://doc.powerdns.com/md/recursor/scripting/ or
https://github.com/PowerDNS/pdns/blob/master/pdns/powerdns-example-script.lua

W


> One of these parameters is QTYPE -Type of record being queried
> A sample use case is here :
> https://blogs.technet.microsoft.com/networking/2015/05/18/applying-filters-on-dns-queries-using-windows-dns-server-policies/
> (Check the section on 'Block a type of query' )
>
> Thanks
> Ashu
> Microsoft
>
> -----Original Message-----
> From: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] On
> Behalf Of Doug Barton
> Sent: Tuesday, March 15, 2016 06:20
> To: dns-operations at dns-oarc.net
> Subject: [dns-operations] Software that refuses an answer by QTYPE if it
> comes over plain UDP?
>
> Interesting question came up today, and while I think the answer is "No,"
> I wanted to ask the smart kids. :)
>
> Are there any name servers in play today that will only answer for a
> certain QTYPE if the query comes via either TCP, or UDP with cookies?
>
> And a related question, is anyone thinking of developing some?
>
> Doug
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
>
> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2flists.dns-oarc.net%2fmailman%2flistinfo%2fdns-operations&data=01%7c01%7ckumar.ashutosh%40microsoft.com%7c8d71156f9d214d63c43808d34c6d4afa%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=fbeMz%2bGUw1GUgTqya9czSZcv4M4xAHNTrHUqgIqGh5E%3d
> dns-jobs
> <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2flists.dns-oarc.net%2fmailman%2flistinfo%2fdns-operations&data=01%7c01%7ckumar.ashutosh%40microsoft.com%7c8d71156f9d214d63c43808d34c6d4afa%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=fbeMz%2bGUw1GUgTqya9czSZcv4M4xAHNTrHUqgIqGh5E%3ddns-jobs>
> mailing list
>
> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2flists.dns-oarc.net%2fmailman%2flistinfo%2fdns-jobs&data=01%7c01%7ckumar.ashutosh%40microsoft.com%7c8d71156f9d214d63c43808d34c6d4afa%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=AFUPLOjt7XTVFT2JwYbFPulrJyn711AWTDE%2fYEIWNs8%3d
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160315/3f8b926c/attachment.html>


More information about the dns-operations mailing list