Hi Peter,

UDP DNS is open to spoofing. Setting the TC bit and requesting a TCP query may be a mechanism for client identity authenticity. However, what do you think about interoperability of clients when they get a re-query request through the TC bit?

Kind Regards,

--
Oguz YILMAZ

On Mon, Jun 4, 2012 at 10:37 PM, Peter van Dijk <[email protected]> wrote:
> Hello Oguz,
>
> On Jun 4, 2012, at 16:03 , Oguz Yilmaz wrote:
>
>> AFAIK, standard says "send <truncated> response to UDP queries with
>> more than 500 bytes in query or response. (If not, correct me pls.). I
>> want to be able to enforce users to use directly TCP. Is it possible with
>> pdns to enforce such a conversion? The server is not a public or a
>> recursive server.
>
> You cannot, from the server side, enforce users to use TCP directly - clients
> initiate communication and they do that over UDP.
>
> If you mean that you want to force all communications from UDP to TCP
> immediately, you could patch PowerDNS to always set the TC (truncated) bit.
>
> But I have to ask: why?
>
> Kind regards,
> --
> Peter van Dijk
> Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
>
> _______________________________________________
> Pdns-users mailing list
> [email protected]
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
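The TC-bit mechanism discussed in this thread, as an added, self-contained example (not code from the thread, from PowerDNS, or from either author): a server that always answers UDP with the TC bit set, and a client that follows RFC 1035 by retrying the same question over TCP (with the two-byte length prefix), while rejecting any answer whose transaction id or question section does not match what it sent. The transports are plain callables so the exchange runs offline; `force_tcp_udp_server`, `tcp_server` and the 192.0.2.1 answer are constructed for the demo and assumed, not PowerDNS behaviour.

```python
import struct

# DNS header flag bits (RFC 1035 section 4.1.1)
FLAG_QR = 0x8000  # message is a response
FLAG_AA = 0x0400  # authoritative answer
FLAG_TC = 0x0200  # truncated: client is expected to retry over TCP
FLAG_RD = 0x0100  # recursion desired

TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    """Encode a dotted hostname as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def parse_header(msg):
    """Split the 12-byte DNS header into its fields."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "flags": flags, "qdcount": qd,
            "ancount": an, "nscount": ns, "arcount": ar}


def build_query(qname, qtype=TYPE_A, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def build_truncated_response(query):
    """Echo the question back with QR and TC set and no answer records."""
    hdr = parse_header(query)
    flags = FLAG_QR | FLAG_TC | (hdr["flags"] & FLAG_RD)
    return struct.pack("!HHHHHH", hdr["id"], flags, hdr["qdcount"], 0, 0, 0) + query[12:]


def build_full_response(query, ipv4):
    """Authoritative answer carrying one A record for the question name."""
    hdr = parse_header(query)
    flags = FLAG_QR | FLAG_AA | (hdr["flags"] & FLAG_RD)
    header = struct.pack("!HHHHHH", hdr["id"], flags, hdr["qdcount"], 1, 0, 0)
    # 0xC00C is a compression pointer to the name at offset 12 (the question).
    rr = struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, 60, 4)
    rr += bytes(int(octet) for octet in ipv4.split("."))
    return header + query[12:] + rr


def is_truncated(msg):
    return bool(parse_header(msg)["flags"] & FLAG_TC)


def matches_query(query, response):
    """Client-side sanity check: same transaction id and same question section."""
    return (parse_header(query)["id"] == parse_header(response)["id"]
            and response[12:len(query)] == query[12:])


def tcp_frame(msg):
    """DNS over TCP prefixes each message with a two-byte length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


def tcp_unframe(data):
    (length,) = struct.unpack("!H", data[:2])
    if len(data) != 2 + length:
        raise ValueError("bad TCP length prefix")
    return data[2:]


def resolve_with_fallback(query, udp_send, tcp_send):
    """Client side of the TC dance: try UDP first, retry over TCP when TC is set.

    udp_send and tcp_send are transports (bytes -> bytes) so this runs offline.
    Returns (response, transport_used)."""
    resp = udp_send(query)
    if not matches_query(query, resp):
        raise ValueError("UDP response does not match query; discarded")
    if not is_truncated(resp):
        return resp, "udp"
    resp = tcp_unframe(tcp_send(tcp_frame(query)))
    if not matches_query(query, resp):
        raise ValueError("TCP response does not match query; discarded")
    return resp, "tcp"


# Constructed server behaviour for the demo (stands in for a patched server).
def force_tcp_udp_server(query):
    """UDP listener that always answers with TC set, as the thread describes."""
    return build_truncated_response(query)


def tcp_server(framed_query):
    """TCP listener that answers for real; 192.0.2.1 is a documentation address."""
    return tcp_frame(build_full_response(tcp_unframe(framed_query), "192.0.2.1"))


if __name__ == "__main__":
    q = build_query("example.com")
    answer, transport = resolve_with_fallback(q, force_tcp_udp_server, tcp_server)
    print(transport, parse_header(answer))
```

The interoperability question in the thread maps onto `resolve_with_fallback`: a client that honours TC retries and gets the real answer over TCP, while a client that ignores TC is left with an empty answer section. Because the truncated UDP reply carries no records, the only data a spoofer could forge at that stage is the TC bit itself, and the TCP retry then requires a completed handshake, which is what makes the scheme a source-authenticity check rather than a bandwidth saving.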
