named tcp dos?

Greg Rivers gcr+bind-users at tharned.org
Thu Aug 2 20:33:58 UTC 2018


On Thursday, August 02, 2018 22:12:38 Reindl Harald wrote:
> 
> Am 02.08.2018 um 22:07 schrieb Randy Bush:
> >>> ... are there that many folk doing tcp out there?
> >> All name servers fall back to TCP when they receive truncated replies.
> > 
> > we know the protocol.  [ and we know folk have idiot middleboxen ]
> > 
> > what i was asking was the distribution of this in the wild
> 
> one word: DNSSEC
>
Indeed, DNSSEC is a prime example. My point was that TCP queries to your servers are determined largely by the size of the RRSETs you serve. If your answers don't fit in 512 bytes (without EDNS) or ~4096 bytes (with EDNS), you're going to be serving over TCP. Obviously you're way more likely to see TCP queries from systems that don't support EDNS. Perhaps you have many such systems (and/or idiot middleboxen) querying you?

-- 
Greg
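To check the "TCP from non-EDNS clients" hypothesis above against real traffic, here is an added example (not from this thread or from BIND itself) that tallies a BIND 9 querylog by transport and EDNS presence. It assumes the querylog line shape shown in the comment (the `client ... query: <name> <class> <type> <flags>` format, with `T` marking TCP and `E` marking EDNS in the flag field); the sample lines are constructed, so verify the regex against your own named.conf querylog output before trusting the counts.

```python
import re
from collections import Counter

# Assumed BIND 9 querylog line shape (constructed samples below):
#   client @0x7f3a 192.0.2.10#53201 (example.org): query: example.org IN A -E(0)TD (198.51.100.1)
# Flag field: '+'/'-' = RD set/unset, S = TSIG signed, E(n) = EDNS version n,
# T = query arrived over TCP, D = DO bit, C = CD bit. The "@0x..." client handle
# is only present in newer BIND releases, so it is optional here.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): query: "
    r"(?P<name>\S+) (?P<cls>\S+) (?P<type>\S+) (?P<flags>[-+][A-Z0-9()]*)"
)

def parse_query(line):
    """Return (client_ip, transport, has_edns) or None for non-query lines."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    flags = m.group("flags")
    transport = "tcp" if "T" in flags else "udp"
    return m.group("ip"), transport, "E" in flags

def tcp_profile(lines):
    """Count queries per (transport, edns) bucket and list TCP clients lacking EDNS.

    A large share of ("tcp", "noedns") traffic points at resolvers or middleboxes
    that hit the 512-byte limit on every oversized (e.g. DNSSEC) answer.
    """
    counts = Counter()
    tcp_no_edns_clients = Counter()
    for line in lines:
        parsed = parse_query(line)
        if parsed is None:
            continue
        ip, transport, edns = parsed
        counts[(transport, "edns" if edns else "noedns")] += 1
        if transport == "tcp" and not edns:
            tcp_no_edns_clients[ip] += 1
    return counts, tcp_no_edns_clients

# Constructed sample log: one EDNS client that fell back to TCP once, and two
# non-EDNS clients whose MX/A lookups all ended up on TCP.
SAMPLE_LOG = """\
02-Aug-2018 20:33:58.001 queries: info: client @0x7f3a 192.0.2.10#53201 (example.org): query: example.org IN DNSKEY -E(0)D (198.51.100.1)
02-Aug-2018 20:33:58.002 queries: info: client @0x7f3b 192.0.2.10#53202 (example.org): query: example.org IN DNSKEY -E(0)TD (198.51.100.1)
02-Aug-2018 20:33:58.003 queries: info: client @0x7f3c 203.0.113.7#1024 (example.org): query: example.org IN MX - (198.51.100.1)
02-Aug-2018 20:33:58.004 queries: info: client @0x7f3d 203.0.113.7#1025 (example.org): query: example.org IN MX -T (198.51.100.1)
02-Aug-2018 20:33:58.005 queries: info: client 203.0.113.8#1026 (example.org): query: example.org IN A -T (198.51.100.1)
""".splitlines()

if __name__ == "__main__":
    counts, clients = tcp_profile(SAMPLE_LOG)
    for bucket, n in sorted(counts.items()):
        print(bucket, n)
    print("TCP clients without EDNS:", dict(clients))
```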
