[dns-operations] [Ext] DNS Flag Day 2020 will become effective on 2020-10-01
Fred Morris
m3047 at m3047.net
Wed Sep 16 16:26:58 UTC 2020
On Tue, 15 Sep 2020, Brian Somers wrote:
> My argument goes something like this. When a DNS request is sent,
> the client (whether a stub or a resolver) is the most qualified to
> know specifics about the “connection” and is also the target of
> fragmentation attacks.
Based on my field experience (and I wrote
https://github.com/m3047/tcp_only_forwarder as a response to what I
observed in regards to stub resolvers), the issue here isn't "attacks" but
simply that the resolver protocol is stuck in the 1980s and if a complete UDP
"message" (presumably meaning "all fragments") isn't received then TC=1 is
never recognized (because the response is never recognized) and TCP is
never tried.
--
Fred Morris
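The failure mode described in this post, as an added example (this is editor-written illustration code, not code from the thread and not the tcp_only_forwarder project): a client parses the DNS header, retries over TCP when TC=1 is set, and, the step classic clients skip, also retries over TCP when no UDP datagram arrives at all, which is what happens when one fragment of a large UDP answer is lost. The `resolve` function takes pluggable `udp_send`/`tcp_send` callables so the logic runs offline against constructed responses; `make_udp_sender`/`make_tcp_sender` are real-socket transports for use against an actual server. All function names, the `example.test.` name and the sample responses are constructed for this example.

```python
import socket
import struct

DNS_HEADER = struct.Struct("!HHHHHH")  # id, flags, qdcount, ancount, nscount, arcount
FLAG_QR = 0x8000  # response
FLAG_TC = 0x0200  # truncated: "retry over TCP"
FLAG_RD = 0x0100  # recursion desired
FLAG_RA = 0x0080  # recursion available


def build_query(qname, qtype=1, txid=0x1234):
    """Minimal DNS query: header plus one question (class IN), RD set."""
    header = DNS_HEADER.pack(txid, FLAG_RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(label)]) + label.encode("ascii")
                      for label in qname.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the 12-byte header; the TC bit is the only 'use TCP' signal."""
    if len(msg) < DNS_HEADER.size:
        raise ValueError("short DNS message")
    txid, flags, _qd, an, _ns, _ar = DNS_HEADER.unpack_from(msg)
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "ancount": an}


def resolve(query, udp_send, tcp_send):
    """Client decision logic. udp_send(query) returns the datagram or None
    when nothing usable arrived; tcp_send(query) returns the TCP response.
    Returns (response_bytes, transport_label)."""
    txid = DNS_HEADER.unpack_from(query)[0]
    udp_resp = udp_send(query)
    if udp_resp is None or parse_header(udp_resp)["id"] != txid:
        # A fragmented answer with a lost fragment never reassembles, so the
        # client never sees TC=1. Falling back to TCP on timeout is the fix.
        return tcp_send(query), "tcp-after-timeout"
    if parse_header(udp_resp)["tc"]:
        return tcp_send(query), "tcp-after-tc"
    return udp_resp, "udp"


def recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket (DNS over TCP is a byte stream)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TCP stream closed before full DNS message")
        buf += chunk
    return buf


def make_udp_sender(server, port=53, timeout=2.0):
    """Real UDP transport: returns None on timeout instead of raising."""
    def send(query):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, port))
            try:
                return s.recv(4096)
            except socket.timeout:
                return None
    return send


def make_tcp_sender(server, port=53, timeout=5.0):
    """Real TCP transport with the RFC 1035 two-byte length prefix."""
    def send(query):
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            length = struct.unpack("!H", recv_exact(s, 2))[0]
            return recv_exact(s, length)
    return send


def constructed_response(query, flags):
    """Constructed sample response: echoes the question with the given flags."""
    txid = DNS_HEADER.unpack_from(query)[0]
    return DNS_HEADER.pack(txid, flags, 1, 0, 0, 0) + query[DNS_HEADER.size:]


def demo():
    """Exercise the three cases offline with constructed responses."""
    q = build_query("example.test.")
    truncated = constructed_response(q, FLAG_QR | FLAG_TC | FLAG_RD | FLAG_RA)
    complete = constructed_response(q, FLAG_QR | FLAG_RD | FLAG_RA)
    return {
        "tc": resolve(q, lambda m: truncated, lambda m: complete)[1],
        "lost": resolve(q, lambda m: None, lambda m: complete)[1],  # fragment lost
        "ok": resolve(q, lambda m: complete, lambda m: complete)[1],
    }


if __name__ == "__main__":
    print(demo())
```

Against a live server the same logic is `resolve(build_query("example.test."), make_udp_sender(server), make_tcp_sender(server))`; the "lost" branch is the one a resolver that only honours TC=1 never reaches.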