[dns-operations] TC=1 with RA=0 from a recursive resolver

Matthew Pounsett matt at conundrum.com
Fri Mar 18 22:32:21 UTC 2016


> On Mar 18, 2016, at 16:25 , bert hubert <bert.hubert at powerdns.com> wrote:
> 
> 
> The device/software that does the TC intervention is possibly not even in a
> position to *know* the proper value of the RA bit without sending on the
> actual question, which does not help in reducing the load under DoS.

Other than with the relatively new exception of RRL, doesn’t setting TC=1 pretty much require you to already know what you’re going to answer?  It seems to me that any server configured to answer recursively should be responding with RA=1, regardless of whether it is giving the complete answer over UDP, or sending the client to TCP.
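
An added example, not part of the original message: a small Python check that decodes the flag word of a DNS header and labels the TC=1 with RA=0 combination this thread is about, so such responses can be counted in a capture. The function names, labels and sample headers are constructed for illustration.

```python
import struct

# Bit masks within the 16-bit flags word of the DNS header (RFC 1035, 4.1.1).
QR = 0x8000  # 1 = response
TC = 0x0200  # truncated, client should retry over TCP
RD = 0x0100  # recursion desired (copied from the query)
RA = 0x0080  # recursion available (set by the server)


def header_flags(packet: bytes) -> dict:
    """Decode the ID and the four flags of interest from a raw DNS message."""
    if len(packet) < 12:
        raise ValueError("DNS header is 12 bytes; packet too short")
    msg_id, flags = struct.unpack("!HH", packet[:4])
    return {
        "id": msg_id,
        "qr": bool(flags & QR),
        "tc": bool(flags & TC),
        "rd": bool(flags & RD),
        "ra": bool(flags & RA),
    }


def classify(packet: bytes) -> str:
    """Label a message; 'truncated-without-ra' is the case under discussion."""
    f = header_flags(packet)
    if not f["qr"]:
        return "query"
    if f["tc"] and not f["ra"]:
        return "truncated-without-ra"
    if f["tc"]:
        return "truncated"
    return "complete"


def make_header(msg_id: int, flags: int) -> bytes:
    """Constructed sample: a 12-byte header with all section counts zero."""
    return struct.pack("!HHHHHH", msg_id, flags, 0, 0, 0, 0)


if __name__ == "__main__":
    samples = {  # constructed headers, not taken from any real capture
        "TC=1 RA=0": make_header(0x1234, QR | TC | RD),
        "TC=1 RA=1": make_header(0x1234, QR | TC | RD | RA),
        "TC=0 RA=1": make_header(0x1234, QR | RD | RA),
    }
    for name, pkt in samples.items():
        print(name, "->", classify(pkt))
```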





