[dnsdist] addAnyTCRule() explenation
Federico Olivieri
lvrfrc87 at gmail.com
Wed Feb 10 23:24:20 UTC 2016
Hi everybody,
I'm trying to get a better understanding of this rule. Basically, I want
move from iptable block ANY query to something similar in dnsdist.
In the README I found this rule:
- addAnyTCRule(): generate TC=1 answers to ANY queries received over
UDP, moving them to TCP
However is not clear to me if I have and UDP ANY request (and in case of
DDoS attack, more then one!) why I should reply back to use TCP. How can
this mitigate a potential DDoS attack based on ANY queries?
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20160210/746d82ad/attachment.html>
More information about the dnsdist
mailing list