nanog mailing list archives
Re: Best practice on TCP replies for ANY queries
From: Carlos Vicente <cvicente.lists () gmail com>
Date: Wed, 11 Dec 2013 17:04:40 -0500
https://kb.isc.org/article/AA-01000

On Wed, Dec 11, 2013 at 2:17 PM, Arturo Servin <arturo.servin () gmail com> wrote:

> I think it is a better idea to rate-limit your responses rather than
> limiting the size of them.
>
> AFAIK, bind has a way to do it.
>
> .as
>
> On Wed, Dec 11, 2013 at 4:25 PM, Anurag Bhatia <me () anuragbhatia com> wrote:
>
>> Hi ML
>>
>> Yeah I can understand. Even DNSSEC will have issues with it which makes
>> me worry about rule even today.
>>
>> On Wed, Dec 11, 2013 at 11:49 PM, ML <ml () kenweb org> wrote:
>>
>>> On 12/11/2013 1:06 PM, Anurag Bhatia wrote:
>>>
>>>> I am sure I am not first person experiencing this issue. Curious to
>>>> hear how you are managing it. Also under what circumstances I can get
>>>> a legitimate TCP query on port 53 whose reply exceeds a basic limit of
>>>> less than 1000 bytes?
>>>
>>> I'm not a DNS guru so I don't have an exact answer. However my gut
>>> feeling is that putting in place a rule to drop or rate limit DNS
>>> replies greater than X bytes is probably going to come back to bite you
>>> in the future.
>>>
>>> No one can predict the future of what will constitute legitimate DNS
>>> traffic.
>>
>> --
>> Anurag Bhatia
>> anuragbhatia.com
>> Linkedin <http://in.linkedin.com/in/anuragbhatia21> | Twitter <https://twitter.com/anurag_bhatia>
>> Skype: anuragbhatia.com