bind-users Digest, Vol 2734, Issue 2

Mark Andrews marka at isc.org
Sun Sep 17 06:52:54 UTC 2017 

 Because it isn't all about udp size. Sending a OPT signals that the client supports EDNS. Also if you want DNSSEC you send the do with EDNS. 

-- 
Mark Andrews

> On 17 Sep 2017, at 16:10, Harshith Mulky <harshith.mulky at outlook.com> wrote:
> 
> Am 15.09.2017 um 09:37 schrieb Harshith Mulky:
> > Hello Experts,
> > 
> > I had a query on advertising the payload size on client in DNS Responses 
> > over UDP/TCP
> > 
> > 
> > This is as much I have understood from RFC 6891, that a 
> > requester(client) can address his capabilities to restrict the UDP 
> > Payload size to a limit between 512 to 4096 bytes based on his 
> > limitation when supporting EDNS Procedures.
> > 
> > Is it the same case with TCP?
> > 
> > Can we(client) advertize our capabilities over TCP to limit the payload 
> > size in Responses?
> 
> why would you want do do that?
> 
> TCP don't suffer from the problem of a faked sourcip and the repsonse 
> going back to the attacke victim! what do you imagine to happen when 
> your response data is larger? in case of UDP the fallback is simply TCP 
> and then you want to cripple that fallback?
> 
> [Harshith] But I do not understand why would OPT section required in a TCP Query. As i see from my Traces, Even TCP Queries carry a OPT section with the advertized sizes the client supports! Why would this be necessary? I do not want to cripple the fallback, but if a query is intending to do so from a resolver, how Do we stop that?
> 
> Thanks
> 
>  
> From: bind-users <bind-users-bounces at lists.isc.org> on behalf of bind-users-request at lists.isc.org <bind-users-request at lists.isc.org>
> Sent: Friday, September 15, 2017 5:30 PM
> To: bind-users at lists.isc.org
> Subject: bind-users Digest, Vol 2734, Issue 2
>  
> Send bind-users mailing list submissions to
>         bind-users at lists.isc.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.isc.org/mailman/listinfo/bind-users
> or, via email, send a message with subject or body 'help' to
>         bind-users-request at lists.isc.org
> 
> You can reach the person managing the list at
>         bind-users-owner at lists.isc.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of bind-users digest..."
> 
> 
> Today's Topics:
> 
>    1. Re: What is wrong with my second $ORIGIN (Harshith Mulky)
>    2. Re: Is there a need for clients to advertize the capabilities
>       for DNS Responses over TCP (Reindl Harald)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Fri, 15 Sep 2017 01:16:08 -0700 (MST)
> From: Harshith Mulky <harshith.mulky at outlook.com>
> To: bind-users at lists.isc.org
> Subject: Re: What is wrong with my second $ORIGIN
> Message-ID: <1505463368415-0.post at n4.nabble.com>
> Content-Type: text/plain; charset=us-ascii
> 
> Than you All.
> 
> Did not notice I had missed a trailing '.' 
> 
> Will make sure I do not miss these things the next time I test
> 
> 
> 
> --
> Sent from: http://bind-users-forum.2342410.n4.nabble.com/
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Fri, 15 Sep 2017 12:30:23 +0200
> From: Reindl Harald <h.reindl at thelounge.net>
> To: bind-users at lists.isc.org
> Subject: Re: Is there a need for clients to advertize the capabilities
>         for DNS Responses over TCP
> Message-ID: <ac3458f0-305d-fc4f-868b-bd5ffed1f41b at thelounge.net>
> Content-Type: text/plain; charset=windows-1252; format=flowed
> 
> 
> Am 15.09.2017 um 09:37 schrieb Harshith Mulky:
> > Hello Experts,
> > 
> > I had a query on advertising the payload size on client in DNS Responses 
> > over UDP/TCP
> > 
> > 
> > This is as much I have understood from RFC 6891, that a 
> > requester(client) can address his capabilities to restrict the UDP 
> > Payload size to a limit between 512 to 4096 bytes based on his 
> > limitation when supporting EDNS Procedures.
> > 
> > Is it the same case with TCP?
> > 
> > Can we(client) advertize our capabilities over TCP to limit the payload 
> > size in Responses?
> 
> why would you want do do that?
> 
> TCP don't suffer from the problem of a faked sourcip and the repsonse 
> going back to the attacke victim! what do you imagine to happen when 
> your response data is larger? in case of UDP the fallback is simply TCP 
> and then you want to cripple that fallback?
> 
> 
> ------------------------------
> 
> Subject: Digest Footer
> 
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> 
> ------------------------------
> 
> End of bind-users Digest, Vol 2734, Issue 2
> *******************************************
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170917/d9f64880/attachment.html>

More information about the bind-users mailing list