[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DNS Lookup - Filter "localhost"

Subject: DNS Lookup - Filter "localhost"
From: anders at abundo.se (Anders Löwinger)
Date: Mon, 17 Nov 2014 23:49:00 +0100
In-reply-to: <[email protected]>
References: <CA+GZS2be1UwOmVvaNYinForRxJ9qu=+ALcvf4uL4_TBLsRzevg@mail.gmail.com> <[email protected]>

>> 4. Do you block non-UDP DNS requests or rate-limit requests?
> 
> Yes

Why?  RFC5966 DNS Transport over TCP - Implementation Requirements

You make it very hard for DNSSEC

>> 5. Anything else you block/filter on your DNS servers?
> 
> block fragmented packets

Why? You then block EDNS0, which DNSSEC uses. (UDP packets up to 4096 bytes,
then TCP)


/Anders

References:
- DNS Lookup - Filter "localhost"
  - From: jradke at canbytel.com (Radke, Justin)
- DNS Lookup - Filter "localhost"
  - From: list at satchell.net (Stephen Satchell)

Prev by Date: A case against vendor-locking optical modules
Next by Date: A case against vendor-locking optical modules
Previous by thread: DNS Lookup - Filter "localhost"
Next by thread: DNS Lookup - Filter "localhost"
Index(es):
- Date
- Thread