Hi Dinko,

On 11/3/20 11:52 AM, Dinko Korunic wrote:
> On 3 Nov 2020, at 10:51, Emeric Brun <eb...@haproxy.com> wrote:
>>
>>> […]
>>>
>>> We are requesting the community and experienced users of DNS servers to 
>>> share their thoughts about this.
>>
>> sub-questions are about modern DNS servers:
>> - do they support DNS over TCP?
>> - do they support persistent connections with pipelined requests?
>>
> 
> a) Yes, DNS over TCP is in fact pretty much mandatory nowadays and every 
> modern DNS server should support it. Some DNS servers also support DNS over 
> TLS. In fact, some queries (AXFR/IXFR) are always TCP.

Great.

> b) Yes, but that’s a recent addition as per RFC 7766 and AFAIK only Bind 9, 
> PowerDNS and Unbound support it but I am honestly not sure if there are 
> others supporting that feature. Historically there were also some security 
> issues considering concurrent tcp clients limits like CVE-2019-6477 in early 
> implementations.

I already noticed this for BIND 9 and Unbound, and I know this is also the case 
for NSD. About the CVE, NSD uses this parameter: tcp-query-count, to limit the 
number of pending queries served per connection.

But the question also targets DNS servers found in cloud environments such 
as kube-dns, CoreDNS or Consul.

They seem to support TCP, but I'm not sure about pipelined queries.

> My apologies if I have missed mentioning anything; I am not as up to date with 
> current DNS changes as I used to be.

Your help is really appreciated.

R,
Emeric
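
An added illustration, not part of the original message and not HAProxy code: how pipelined queries on one persistent DNS-over-TCP connection are framed with a two-byte length prefix and matched to out-of-order replies by message ID. The names `PipelinedConn`, `max_queries` and `constructed_reply` are hypothetical; `max_queries` is a client-side budget that loosely mirrors a server-side per-connection query limit such as the one mentioned above.

```python
import struct

def build_query(qid, name):
    """Minimal DNS query: RD set, one question, type A, class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def frame(msg):
    """DNS over TCP prefixes each message with a two-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def deframe(buf):
    """Split a received byte stream into whole messages; return (messages, leftover)."""
    msgs = []
    while len(buf) >= 2:
        (n,) = struct.unpack_from("!H", buf)
        if len(buf) < 2 + n:
            break  # message still incomplete, wait for the next segment
        msgs.append(buf[2:2 + n])
        buf = buf[2 + n:]
    return msgs, buf

class PipelinedConn:
    """One persistent connection; max_queries is a hypothetical per-connection budget."""
    def __init__(self, max_queries):
        self.max_queries, self.sent, self.pending, self.buf = max_queries, 0, {}, b""

    def send(self, qid, name):
        if self.sent >= self.max_queries:
            raise RuntimeError("query budget for this connection used up")
        self.sent += 1
        self.pending[qid] = name  # remember the ID so the reply can be matched later
        return frame(build_query(qid, name))

    def feed(self, data):
        """Consume received bytes; return answered names in arrival order."""
        msgs, self.buf = deframe(self.buf + data)
        done = []
        for m in msgs:
            if len(m) >= 12:  # ignore anything shorter than a DNS header
                qid, flags = struct.unpack_from("!HH", m)
                if flags & 0x8000 and qid in self.pending:  # QR bit set = response
                    done.append(self.pending.pop(qid))
        return done

def constructed_reply(query):
    """Constructed sample data: echo the query with QR and RA set, no answer records."""
    return query[:2] + struct.pack("!H", 0x8180) + query[4:]
```

Feeding `feed()` a reply stream that arrives in a different order than the queries were sent, or that is split mid-message across TCP segments, still resolves each pending ID exactly once.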
