[Pdns-users] Enforcing clients to use TCP for DNS queries

Oguz Yilmaz oguzyilmazlist at gmail.com
Tue Jun 5 09:52:34 UTC 2012


Hi Peter,

UDP DNS is open to spoofing. Setting the TC bit and requesting a TCP query
may be a mechanism for client identity authenticity. However, what do
you think about the interoperability of clients when they get a re-query
request through the TC bit?

Kind Regards,


--
Oguz YILMAZ


On Mon, Jun 4, 2012 at 10:37 PM, Peter van Dijk
<peter.van.dijk at netherlabs.nl> wrote:
> Hello Oguz,
>
> On Jun 4, 2012, at 16:03 , Oguz Yilmaz wrote:
>
>> AFAIK, the standard says "send a <truncated> response to UDP queries with
>> more than 500 bytes in query or response." (If not, correct me pls.) I
>> want to be able to enforce users to use TCP directly. Is it possible with
>> pdns to enforce such a conversion? The server is not a public or a
>> recursive server.
>
>
> You cannot, from the server side, enforce users to use TCP directly - clients initiate communication and they do that over UDP.
>
> If you mean that you want to force all communications from UDP to TCP immediately, you could patch PowerDNS to always set the TC (truncated) bit.
>
> But I have to ask: why?
>
> Kind regards,
> --
> Peter van Dijk
> Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
>
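The TC-bit fallback discussed in this thread, as an added example that is not from the thread or from PowerDNS: the server side builds a UDP reply with TC set (what a server patched to always set TC would send) and the client side decides whether to drop the reply, accept it, or re-send the same question over TCP with the 2-byte length prefix that TCP DNS requires. The function names and the example.com query are constructed for illustration.

```python
import struct

QR, TC, RD = 0x8000, 0x0200, 0x0100  # header flag bits (RFC 1035 section 4.1.1)

def build_query(qid, name, qtype=1):
    """Minimal DNS query: 12-byte header with RD set, then one IN question."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def make_response(query, truncated=True, qid=None):
    """Server side: echo the question with QR set and no records. With
    truncated=True this is what a server that always sets TC would send.
    qid only overrides the echoed ID so the client's mismatch check can be
    exercised in a test (constructed, not real server behaviour)."""
    query_id, qflags = struct.unpack("!HH", query[:4])
    flags = QR | (qflags & RD) | (TC if truncated else 0)
    rid = query_id if qid is None else qid
    return struct.pack("!HHHHHH", rid, flags, 1, 0, 0, 0) + query[12:]

def parse_flags(packet):
    """Decode the header fields a client needs to judge a reply."""
    pid, flags = struct.unpack("!HH", packet[:4])
    return {"id": pid, "qr": bool(flags & QR), "tc": bool(flags & TC),
            "rcode": flags & 0x000F}

def next_transport(query, response):
    """Client side: 'drop' if the reply does not match the outstanding query
    (not a response, wrong ID, or a different question section), 'tcp' if
    it is a truncated match that must be re-sent over TCP, else 'done'."""
    f = parse_flags(response)
    if not f["qr"] or f["id"] != struct.unpack("!H", query[:2])[0]:
        return "drop"
    if not response[12:].startswith(query[12:]):
        return "drop"
    return "tcp" if f["tc"] else "done"

def tcp_frame(query):
    """TCP DNS prefixes each message with its 2-byte big-endian length."""
    return struct.pack("!H", len(query)) + query

if __name__ == "__main__":
    q = build_query(0x1234, "example.com.")      # constructed sample query
    print(next_transport(q, make_response(q)))   # tcp
    print(len(tcp_frame(q)) - len(q))            # 2
```

The ID and question-echo checks are all a plain UDP client has to tie a reply to its query, which is why a TC-forced retry over TCP changes the picture; whether every client actually performs that retry is the interoperability question raised above.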
