[dns-operations] [Ext] DNS Flag Day 2020 will become effective on 2020-10-01

Fred Morris m3047 at m3047.net
Wed Sep 16 16:26:58 UTC 2020


On Tue, 15 Sep 2020, Brian Somers wrote:
> My argument goes something like this.  When a DNS request is sent, 
> the client (whether a stub or a resolver) is the most qualified to 
> know specifics about the “connection” and is also the target of 
> fragmentation attacks.

Based on my field experience (and I wrote 
https://github.com/m3047/tcp_only_forwarder as a response to what I 
observed with regard to stub resolvers), the issue here isn't "attacks" but
simply that resolver protocol is stuck in the 1980s, and if a complete UDP
"message" (presumably meaning "all fragments") isn't received then TC=1 is 
never recognized (because the response is never recognized) and TCP is 
never tried.

--

Fred Morris
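
The failure mode described in this message, as an added example that is not part of the original post and is not code from tcp_only_forwarder: a stub that retries over TCP only when it sees TC=1 never reaches TCP if the UDP response is lost, while one that also treats a UDP timeout as a reason to try TCP does. The `resolve` function, its `tcp_on_loss` switch and the path labels are assumptions made for illustration, and responses are not validated beyond the TC flag.

```python
import socket
import struct

TC_BIT = 0x0200  # TC flag in the DNS header flags word (RFC 1035)

def build_query(qname, qtype=1, txid=0x1234):
    """Encode a minimal recursive (RD=1) query for qname, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def udp_exchange(server, query, timeout):
    """Return the UDP response, or None if no complete datagram arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, server)
            return s.recvfrom(65535)[0]
        except socket.timeout:
            return None

def _read_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TCP connection closed mid-message")
        buf += chunk
    return buf

def tcp_exchange(server, query, timeout):
    """DNS over TCP: each message carries a 2-byte length prefix."""
    with socket.create_connection(server, timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", _read_exact(s, 2))
        return _read_exact(s, length)

def resolve(server, query, tcp_on_loss, timeout=2.0,
            udp=udp_exchange, tcp=tcp_exchange):
    """Return (response, path). tcp_on_loss=False models a stub that only
    retries over TCP when it actually sees TC=1 (hypothetical switch)."""
    resp = udp(server, query, timeout)
    if resp is None:  # lost fragments look the same as no response at all
        if not tcp_on_loss:
            return None, "udp-timeout"
        return tcp(server, query, timeout), "tcp-after-loss"
    if len(resp) >= 4 and struct.unpack("!H", resp[2:4])[0] & TC_BIT:
        return tcp(server, query, timeout), "tcp-after-tc"
    return resp, "udp"
```

The `udp` and `tcp` parameters accept replacement transports, so the three paths can be exercised without a network.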

