[dns-operations] Software that refuses an answer by QTYPE if it comes over plain UDP?

Marek Vavruša marek at vavrusa.com
Tue Mar 15 11:07:44 UTC 2016


Pretty much every (recursive) DNS does some sort of filtering, but
almost nobody supports SIT cookies.
I'm making a DNS WAF/router at this moment, but it's too early and
a for-fun project only.

Marek

On 15 March 2016 at 08:20, Ralf Weber <dns at fl1ger.de> wrote:
> Moin!
>
> On 15 Mar 2016, at 2:20, Mark Andrews wrote:
>> A nameserver should *always* respond unless it can determine the
>> query is part of an attack.  QTYPE alone is never an indicator that
>> a query is part of an attack.
> I agree that it should always respond, however that is not the
> case in the real world. There are a lot of servers out there that
> think that the only valid query type is A or give other strange
> answers.
>
> While it may have nothing to do with attacks these behaviours are
> out there.
>
> So long
> -Ralf


