[dns-operations] Software that refuses an answer by QTYPE if it comes over plain UDP?

Tony Finch dot at dotat.at
Tue Mar 15 15:10:34 UTC 2016


Doug Barton <dougb at dougbarton.email> wrote:
>
> Are there any name servers in play today that will only answer for a certain
> QTYPE if the query comes via either TCP, or UDP with cookies?

Not a direct answer, but your question made me think about
https://tools.ietf.org/html/draft-ietf-dnsop-refuse-any

and I soon realised that the behaviour you imply will not be helpful in
some situations. In particular, if you are getting QTYPE=ANY attack
traffic from a lot of legitimate resolvers (that implement cookies and
TCP) because clients of those resolvers are participating in an attack,
you still want to minimize your answers. http://fanf.livejournal.com/140566.html

This is just by way of a warning; I don't intend to make any suggestions
or generalizations.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Tyne, Dogger: Northeast veering east 3 or 4. Smooth or slight. Fog patches.
Moderate or good, occasionally very poor.
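As an added illustration (not part of Tony's message, the draft, or any real server's code), the Python below models the two policies under discussion: gating the full ANY answer on transport (TCP or UDP with a cookie), versus always returning the minimal HINFO answer from draft-ietf-dnsop-refuse-any (later RFC 8482). The RRset mix and byte sizes are constructed sample data, and sizes are for uncompressed wire-format RRs without header or question section.

```python
# Added example: how large an authoritative ANY answer stays when
# minimization is applied only to plain-UDP queries, versus always.
# Sizes are for uncompressed wire-format RRs; zone data is constructed.

def name_wire_len(name: str) -> int:
    """Uncompressed wire length of a domain name (labels + root byte)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return sum(1 + len(l) for l in labels) + 1

def rr_wire_len(owner: str, rdata_len: int) -> int:
    """Owner name + TYPE, CLASS, TTL, RDLENGTH (10 bytes) + RDATA."""
    return name_wire_len(owner) + 10 + rdata_len

# Constructed zone apex with the kind of RRset mix that makes ANY an
# attractive amplifier. Values are RDATA lengths in bytes, one per RR.
APEX = "example.com."
RRSETS = {
    "SOA":    [20 + name_wire_len("ns1.example.com.")
                  + name_wire_len("hostmaster.example.com.")],
    "NS":     [name_wire_len("ns1.example.com."), name_wire_len("ns2.example.com.")],
    "A":      [4, 4, 4, 4],
    "AAAA":   [16, 16, 16, 16],
    "MX":     [2 + name_wire_len("mx1.example.com."), 2 + name_wire_len("mx2.example.com.")],
    "TXT":    [1 + 200, 1 + 180],   # e.g. SPF and verification strings
    "DNSKEY": [4 + 260, 4 + 132],
}
# HINFO RDATA: CPU <character-string> "RFC8482" plus an empty OS string.
HINFO_RDATA_LEN = (1 + len("RFC8482")) + 1

def answer_any(rrsets, transport, has_cookie, minimize_when):
    """Return (RR types answered, answer-section bytes) for a QTYPE=ANY query.
    minimize_when='udp-only' gates on transport (the question posed in the thread);
    minimize_when='always' minimizes regardless of transport (Tony's point)."""
    plain_udp = transport == "udp" and not has_cookie
    if minimize_when == "always" or (minimize_when == "udp-only" and plain_udp):
        return ["HINFO"], rr_wire_len(APEX, HINFO_RDATA_LEN)
    size = sum(rr_wire_len(APEX, r) for rdatas in rrsets.values() for r in rdatas)
    return list(rrsets), size

def amplification(rrsets, transport, has_cookie, minimize_when):
    """Answer bytes divided by the 32-byte uncompressed ANY question for this apex."""
    question_len = name_wire_len(APEX) + 4   # QNAME + QTYPE + QCLASS
    return answer_any(rrsets, transport, has_cookie, minimize_when)[1] / question_len
```

With this data, a TCP or cookie-bearing query still pulls the full 1386-byte answer under the transport-gated policy, while the always-minimal policy returns 32 bytes on every path.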