how to verify Pipelined TCP and DNSCOOKIE

Tony Finch dot at dotat.at
Tue Sep 4 14:13:00 UTC 2018


Rodrigo Reyna <usesforskypeonly at gmail.com> wrote:

> I don't know how to confirm [Pipelined TCP queries(RFC7766)].
> Specifically, please tell me if there is a method to check with the command
> such as dig for the server on which BIND 9.11 is running.

`mdig` comes with BIND and does multiple concurrent queries, so you can
check pipelining behaviour like this:

$ rndc flush; mdig +tcp +noall +answer @::1 \
	www.melbourne.edu.au \
	www.u-tokyo.ac.jp \
	www.uonbi.ac.ke \
	www.puc-rio.br \
	web.mit.edu \
	www.cam.ac.uk

A good selection of sites near and far should nicely demonstrate
out-of-order replies. If you don't flush the cache first then you'll get
the answers in an effectively random order.

For years I have used `adns` for bulk concurrent queries, and it's really
good at pipelining queries over a TCP connection.

> The other is about [DNSCOOKIE].

Dunno this one I'm afraid.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
a fair, free and open society


More information about the bind-users mailing list