named tcp dos?
Randy Bush
randy at psg.com
Thu Aug 2 20:47:21 UTC 2018
>>>>> ... are there that many folk doing tcp out there?
>>>> All name servers fall back to TCP when they receive truncated
>>>> replies.
>>>
>>> we know the protocol. [ and we know folk have idiot middleboxen ]
>>>
>>> what i was asking was the distribution of this in the wild
>>
>> one word: DNSSEC
> Indeed, DNSSEC is a prime example. My point was that TCP queries to
> your servers are determined largely by the size of the RRSETs you
> serve. If your answers don't fit in 512 bytes (without EDNS) or ~4096
> bytes (with EDNS), you're going to be serving over TCP.
as i said, let's assume we know the protocol.
> Obviously you're way more likely to see TCP queries from systems that
> don't support EDNS. Perhaps you have many such systems (and/or idiot
> middleboxen) querying you?
two $dayjobs are interfering with my trying to schedule the time to
actually measure what i am seeing on my servers. :) there are a fair
number of zones here, including a large cctld with a lot of signage.
so my guess (i.e. no real measurements [0]) is that at least that server
sees a higher tcp ratio than the average bear.

but if i get those data, are they 'normal?' are they similar to what
others see?

randy

[0] - i confess to being a measurement researcher in one of my real
lives. so i take measurement a bit seriously. but i have not
been measuring dns for a couple of decades.
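
Added example, not part of the original message or of BIND: one way to take the measurement discussed above from named's query log, splitting the TCP share by whether the client sent EDNS and counting TCP queries per source. It assumes query logging is enabled and the BIND 9 flag field layout (+/- for RD, then S, E(n), T, D, C, V, K); the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in BIND 9's documented query-log layout.
# Addresses are documentation ranges; none of this is from the poster's servers.
SAMPLE_LOG = """\
client @0x7f01 192.0.2.10#53001 (example.org): query: example.org IN DNSKEY -E(0)D (203.0.113.53)
client @0x7f02 192.0.2.10#41877 (example.org): query: example.org IN DNSKEY -E(0)TD (203.0.113.53)
client @0x7f03 192.0.2.11#53002 (example.org): query: example.org IN TXT - (203.0.113.53)
client @0x7f04 192.0.2.11#41878 (example.org): query: example.org IN TXT -T (203.0.113.53)
client @0x7f05 198.51.100.7#53003 (www.example.org): query: www.example.org IN A -E(0)DK (203.0.113.53)
client @0x7f06 198.51.100.7#53004 (www.example.org): query: www.example.org IN AAAA +E(0) (203.0.113.53)
client @0x7f07 192.0.2.11#41879 (example.org): query: example.org IN MX -T (203.0.113.53)
client @0x7f08 2001:db8::5#53005 (example.org): query: example.org IN SOA -E(0)D (203.0.113.53)
"""

# Source address, then the flag field: RD (+/-) followed by optional S, E(n), T, D, C, V, K.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"(?:view \S+: )?query: \S+ \S+ \S+ "
    r"[+-](?P<flags>(?:S|E\(\d+\)|T|D|C|V|K)*)(?:\s|$)"
)

def tally(log_text):
    """Count queries per (edns, transport) class and TCP queries per source."""
    counts, tcp_clients = Counter(), Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query-log line
        flags = m.group("flags")
        edns = "edns" if "E(" in flags else "no-edns"
        transport = "tcp" if "T" in flags else "udp"
        counts[(edns, transport)] += 1
        if transport == "tcp":
            tcp_clients[m.group("ip")] += 1
    return counts, tcp_clients

def tcp_share(counts, edns=None):
    """Fraction of queries that arrived over TCP, optionally for one EDNS class."""
    keys = [k for k in counts if edns is None or k[0] == edns]
    total = sum(counts[k] for k in keys)
    tcp = sum(counts[k] for k in keys if k[1] == "tcp")
    return tcp / total if total else 0.0

if __name__ == "__main__":
    counts, tcp_clients = tally(SAMPLE_LOG)
    for label in (None, "edns", "no-edns"):
        print(f"{label or 'all':8s} tcp share = {tcp_share(counts, label):.3f}")
    print("top tcp sources:", tcp_clients.most_common(3))
```
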
More information about the bind-users
mailing list