DNS Lookup - Filter "localhost"

Anders Löwinger anders at abundo.se
Mon Nov 17 22:49:00 UTC 2014

Previous message (by thread): DNS Lookup - Filter "localhost"
Next message (by thread): DNS Lookup - Filter "localhost"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>> 4. Do you block non-UDP DNS requests or rate-limit requests?
> 
> Yes

Why?  RFC5966 DNS Transport over TCP - Implementation Requirements

You make it very hard for DNSSEC

>> 5. Anything else you block/filter on your DNS servers?
> 
> block fragmented packets

Why? You then block EDNS0, which DNSSEC uses. (UDP packets up to 4096 bytes,
then TCP)


/Anders

Previous message (by thread): DNS Lookup - Filter "localhost"
Next message (by thread): DNS Lookup - Filter "localhost"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the NANOG mailing list