[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Best practice on TCP replies for ANY queries

Subject: Best practice on TCP replies for ANY queries
From: me at anuragbhatia.com (Anurag Bhatia)
Date: Wed, 11 Dec 2013 23:55:14 +0530
In-reply-to: <[email protected]>
References: <CAJ0+aXZ5kC=ngBYdZbK2A+d296uVotdyTHBii4NgJTtbdyGhDw@mail.gmail.com> <[email protected]>

Hi ML



Yeah I can understand. Even DNSSEC will have issues with it which makes me
worry about rule even today.


On Wed, Dec 11, 2013 at 11:49 PM, ML <ml at kenweb.org> wrote:

> On 12/11/2013 1:06 PM, Anurag Bhatia wrote:
> >
> > I am sure I am not first person experiencing this issue. Curious to hear
> > how you are managing it. Also under what circumstances I can get a
> > legitimate TCP query on port 53 whose reply exceeds a basic limit of less
> > then 1000 bytes?
> >
> >
> >
>
> I'm not a DNS guru so I don't have an exact answer.  However my gut
> feeling is that putting in a place a rule to drop or rate limit DNS
> replies greater than X bytes is probably going to come back to bite you
> in the future.
>
> No one can predict the future of what will constitute legitimate DNS
> traffic.
>
>


-- 


Anurag Bhatia
anuragbhatia.com

Linkedin <http://in.linkedin.com/in/anuragbhatia21> |
Twitter<https://twitter.com/anurag_bhatia>
Skype: anuragbhatia.com

Follow-Ups:
- Best practice on TCP replies for ANY queries
  - From: arturo.servin at gmail.com (Arturo Servin)

References:
- Best practice on TCP replies for ANY queries
  - From: me at anuragbhatia.com (Anurag Bhatia)
- Best practice on TCP replies for ANY queries
  - From: ml at kenweb.org (ML)

Prev by Date: Best practice on TCP replies for ANY queries
Next by Date: BRAS
Previous by thread: Best practice on TCP replies for ANY queries
Next by thread: Best practice on TCP replies for ANY queries
Index(es):
- Date
- Thread