Is there a need for clients to advertise the capabilities for DNS Responses over TCP

Reindl Harald h.reindl at thelounge.net
Fri Sep 15 10:30:23 UTC 2017


On 15.09.2017 at 09:37, Harshith Mulky wrote:
> Hello Experts,
> 
> I had a query on advertising the payload size on client in DNS Responses 
> over UDP/TCP
> 
> 
> This is as much I have understood from RFC 6891, that a 
> requester (client) can address his capabilities to restrict the UDP 
> Payload size to a limit between 512 to 4096 bytes based on his 
> limitation when supporting EDNS Procedures.
> 
> Is it the same case with TCP?
> 
> Can we (client) advertise our capabilities over TCP to limit the payload 
> size in Responses?

Why would you want to do that?

TCP doesn't suffer from the problem of a faked source IP and the response 
going back to the attacked victim! What do you imagine to happen when 
your response data is larger? In case of UDP the fallback is simply TCP 
and then you want to cripple that fallback?
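An added example, not part of the thread and not BIND code: a small Python script (helper names are my own) that builds a query with and without the EDNS(0) OPT pseudo-RR from RFC 6891, reads the advertised UDP payload size back out of the CLASS field, and shows how TCP carries DNS instead: RFC 1035 section 4.2.2 frames each message with a 2-octet length prefix, so the only ceiling over TCP is 65535 octets and there is nothing for a client to advertise. The last helper models the point made in the reply: an answer that does not fit the advertised UDP size gets TC=1 and the client retries over TCP.

```python
"""EDNS(0) UDP payload size vs. TCP framing (added example, not from the thread)."""
import struct

TYPE_OPT = 41              # RFC 6891 OPT pseudo-RR type
DEFAULT_UDP_SIZE = 512     # RFC 1035 limit assumed when no OPT record is present
TCP_MAX_MESSAGE = 0xFFFF   # 2-octet length prefix, RFC 1035 section 4.2.2


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, udp_payload_size=None, msg_id=0x1234):
    """Build a standard query; append an OPT record when udp_payload_size is given."""
    arcount = 1 if udp_payload_size is not None else 0
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, arcount)  # RD=1
    question = encode_name(name) + struct.pack("!HH", qtype, 1)        # class IN
    msg = header + question
    if udp_payload_size is not None:
        # OPT: root name, TYPE=41, CLASS=UDP payload size,
        # TTL=extended rcode/version/flags (all zero here), RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_payload_size, 0, 0)
    return msg


def skip_name(msg, off):
    """Return the offset just past the name starting at off (handles pointers)."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: 2 octets, ends the name
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length


def advertised_udp_size(msg):
    """Requester's UDP payload size from its OPT record, or 512 if there is none."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            return rclass                        # CLASS field carries the size
    return DEFAULT_UDP_SIZE


def frame_tcp(msg):
    """Prefix a message with its 2-octet length for transport over TCP."""
    if len(msg) > TCP_MAX_MESSAGE:
        raise ValueError("message exceeds the 16-bit TCP length field")
    return struct.pack("!H", len(msg)) + msg


def unframe_tcp(stream):
    """Split a TCP byte stream back into complete DNS messages; a trailing
    partial message is left for the next read."""
    msgs, off = [], 0
    while off + 2 <= len(stream):
        (length,) = struct.unpack("!H", stream[off:off + 2])
        if off + 2 + length > len(stream):
            break
        msgs.append(stream[off + 2:off + 2 + length])
        off += 2 + length
    return msgs


def needs_tcp_fallback(response_len, query):
    """True when a UDP answer would exceed what the requester advertised:
    the server then sets TC=1 and the client retries the query over TCP."""
    return response_len > advertised_udp_size(query)


if __name__ == "__main__":
    q = build_query("example.com", udp_payload_size=1232)
    print("advertised UDP size:", advertised_udp_size(q))
    print("TCP frame prefix:", frame_tcp(q)[:2].hex())
    print("2000-octet answer needs TCP:", needs_tcp_fallback(2000, q))
```

The name constant and the 1232-octet size in the usage are constructed sample values; any name and any size in the RFC 6891 range would do. The point to take from it is that the OPT record only shapes the UDP path, and that crippling the TCP path would remove the fallback the UDP limit relies on.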
