[dns-operations] [Ext] Nameserver responses from different IP than destination of request

Peter van Dijk peter.van.dijk at powerdns.com
Tue Sep 8 12:50:05 UTC 2020


Hello Paul,

On Tue, 2020-09-01 at 01:36 +0000, Paul Hoffman wrote:
> On Aug 31, 2020, at 6:02 PM, Brian Dickson <brian.peter.dickson at gmail.com> wrote:
> > I think the only way to get meaningful data would be an active experiment, involving an authority server (or set of servers) for a domain set up just this way.
> 
> We disagree. Another way to get meaningful data would be from someone's logs, if we can find people who are logging.

I cannot speak for any other piece of software, but the way PowerDNS
Recursor uses connected UDP sockets to talk to authoritatives means
that the kernel already drops responses from wrong addresses, so there
is no way we would even know, and thus could not log such an event even
if we wanted to.

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/




More information about the dns-operations mailing list