[Pdns-users] Enforcing clients to use TCP for DNS queries
oguzyilmazlist at gmail.com
Tue Jun 5 09:52:34 UTC 2012
UDP DNS is open to spoofing. Setting TC bit and requesting TCP query
may be a mechanism for client identity authenticity. However, what do
you think about interoperability of clients when they get a re-query
request through TC bit?
On Mon, Jun 4, 2012 at 10:37 PM, Peter van Dijk
<peter.van.dijk at netherlabs.nl> wrote:
> Hello Oguz,
> On Jun 4, 2012, at 16:03 , Oguz Yilmaz wrote:
>> AFAIK, standard says "send <truncated> response to Udp queries with
>> more then 500 bytes in query or response. (If not, correct me pls.). I
>> want to able to enforce users to use directly TCP. Is it possible with
>> pdns to enforce such a conversion? The server is not a public or not a
>> recursive server
> You cannot, from the server side, enforce users to use TCP directly - clients initiate communication and they do that over UDP.
> If you mean that you want to force all communications from UDP to TCP immediately, you could patch PowerDNS to always set the TC (truncated) bit.
> But I have to ask: why?
> Kind regards,
> Peter van Dijk
> Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
More information about the Pdns-users