Help about DNS documentation

Marco M. mm at dorfdsl.de
Fri Nov 3 17:11:00 UTC 2023


On 03.11.2023 at 15:20:50 Amaury Van Pevenaeyge wrote:

> Hello everyone,
> 
> I'm currently a final year Master's student at the Free University of
> Brussels. As part of my Master's thesis, I have to implement a DNS
> amplification scenario within a Cyber Range. However, before
> achieving this final goal, I first need to make amplification rate
> measurements within a virtual machine system. I therefore have a few
> questions about the DNS protocol and DNS servers.
> 
> 
>   *   Why do some DNS servers respond via TCP to an ANY query made
> under UDP?

As I told you, they simply can't do that. But the client (e.g. dig or
any other DNS client) can use TCP to query ANY. You can use a sniffer
like Wireshark to see what is really transferred.

> I have read in RFC8482 that modern DNS servers try to
> limit responses to ANY queries in order to limit the impact of their
> use in DNS amplification attack but I would like to learn more about
> the security measures/best practices currently in place for this type
> of query and for big TXT responses. Does anyone have any sources or
> other RFCs that might be useful?

The ANY record is, according to the RFC, mostly used for debugging
stuff, but not for productive stuff. Maybe disable replies to it and
check which services refuse to run anymore.

>   *   Would you have any advice/recommendations or sources on the
> legal framework to be respected for my Master's thesis, so that I can
> carry out my various measures without being illegal or alerting
> certain entities?

Do the tests on your own network and spoof your own network's IP
addresses.
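
As an added example (not part of the original thread and not BIND or dig code), the following Python script shows the mechanics behind the two points above: it builds an ANY query in DNS wire format, reads the TC (truncated) flag that tells a client to retry over TCP, and computes the amplification factor as response bytes divided by query bytes. The server address, the TXT record sizes and the sample responses are constructed for the example; the network helpers are included so the same measurement can be run against a resolver in your own lab network.

```python
import socket
import struct

QTYPE_ANY = 255   # RFC 1035 "*" / ANY
QTYPE_TXT = 16
TYPE_OPT = 41     # EDNS(0) OPT pseudo-RR, RFC 6891


def build_query(name, qtype=QTYPE_ANY, txid=0x1234, edns_udp_size=4096):
    """Build a DNS query in wire format (RFC 1035 header + question).
    With edns_udp_size set, an OPT RR advertising that UDP payload size
    is appended; attackers use a large value so the answer is not truncated."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(struct.pack("B", len(l)) + l.encode("ascii") for l in labels) + b"\x00"
    arcount = 1 if edns_udp_size else 0
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # 0x0100 = RD
    question = qname + struct.pack(">HH", qtype, 1)                   # class IN
    opt = b""
    if edns_udp_size:
        # OPT RR: root name, type 41, class = UDP payload size, TTL = 0, RDLEN = 0
        opt = b"\x00" + struct.pack(">HHIH", TYPE_OPT, edns_udp_size, 0, 0)
    return header + question + opt


def parse_header(msg):
    """Decode the 12-byte header; TC set means the UDP answer was cut short."""
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0xF, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def amplification_factor(query, response):
    """Bytes the victim receives per byte the attacker sends."""
    return len(response) / len(query)


def build_txt_response(query, txt_strings, tc=False, edns_udp_size=4096):
    """Constructed response for offline testing (assumption: not real server output).
    Echoes the question and answers it with one TXT RR per string, using a
    compression pointer (0xC00C) to the question name. tc=True models a server
    that sends a truncated, answer-less reply and expects a TCP retry."""
    hdr = parse_header(query)
    qname_end = 12
    while query[qname_end] != 0:
        qname_end += 1 + query[qname_end]
    question = query[12:qname_end + 1 + 4]
    answers = b""
    for s in txt_strings:
        data = s.encode("ascii")
        rdata = struct.pack("B", len(data)) + data            # one <character-string>
        answers += b"\xc0\x0c" + struct.pack(">HHIH", QTYPE_TXT, 1, 300, len(rdata)) + rdata
    flags = 0x8180 | (0x0200 if tc else 0)                     # QR, RD, RA (+TC)
    arcount = 1 if edns_udp_size else 0
    header = struct.pack(">HHHHHH", hdr["id"], flags, 1, len(txt_strings), 0, arcount)
    opt = b"\x00" + struct.pack(">HHIH", TYPE_OPT, edns_udp_size, 0, 0) if edns_udp_size else b""
    return header + question + answers + opt


def query_udp(server, query, timeout=2.0, port=53):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, port))
        data, _ = s.recvfrom(65535)
    return data


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the TCP connection early")
        buf += chunk
    return buf


def query_tcp(server, query, timeout=2.0, port=53):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035 4.2.2)."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack(">H", len(query)) + query)
        (length,) = struct.unpack(">H", _recv_exact(s, 2))
        return _recv_exact(s, length)


def measure(server, name, edns_udp_size=4096):
    """Send ANY over UDP; if the reply is truncated, retry over TCP the way a
    client does. Only the UDP factor matters for reflection, since TCP cannot
    be completed from a spoofed source address."""
    q = build_query(name, edns_udp_size=edns_udp_size)
    r = query_udp(server, q)
    result = {"udp_bytes": len(r), "udp_factor": amplification_factor(q, r),
              "tc": parse_header(r)["tc"], "tcp_bytes": None}
    if result["tc"]:
        result["tcp_bytes"] = len(query_tcp(server, q))
    return result


if __name__ == "__main__":
    # Offline demo with constructed data; replace with measure("192.0.2.1", "example.com")
    # against a resolver you own (192.0.2.1 is a documentation address, an assumption here).
    q = build_query("example.com")
    big = build_txt_response(q, ["x" * 200] * 10)
    cut = build_txt_response(q, [], tc=True)
    print("query bytes:", len(q))
    print("full UDP reply:", len(big), "factor", amplification_factor(q, big))
    print("truncated reply:", len(cut), "TC =", parse_header(cut)["tc"])
```

A resolver that answers an ANY query with a short, truncated UDP reply (or the minimal answer of RFC 8482) forces the client onto TCP, where the three-way handshake defeats source spoofing; the `udp_factor` reported by `measure` is therefore the number to record for an amplification measurement, and a value near 1 means the server is not a useful reflector.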


More information about the bind-users mailing list