Re: how to verify Pipelined TCP and DNSCOOKIE
On 04/09/2018 15:13, Tony Finch wrote: > `mdig` comes with BIND and does multiple concurrent queries, so you can > check pipelining behaviour like this: > > ... > > A good selection of sites near and far should nicely demonstrate > out-of-order replies. If you don't flush the cache first then you'll get > the answers in an effectively random order. Technically, pipelining is not the same thing as "out of order replies", although the former is required for the latter to work. Pipelining just means that you can submit multiple queries over the same socket without having to wait for any answers at all, and without the server flushing its input queue. AFAIK BIND was always capable of this - the new bit is that BIND will consume the queries and start processing them (and send the responses back in whatever order they become available) rather than processing them strictly in order with each query and response proceeding in lock-step mode. This is a distinction that I still have to explain to my RFC 7766 co-authors on occasion :) kind regards, Ray ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: how to verify Pipelined TCP and DNSCOOKIE
Rodrigo Reyna wrote: > I don't know how to confirm [Pipelined TCP queries(RFC7766)]. > Specifically, please tell me if there is a method to check with the command > such as dig for the server on which BIND 9.11 is running. `mdig` comes with BIND and does multiple concurrent queries, so you can check pipelining behaviour like this: $ rndc flush; mdig +tcp +noall +answer @::1 \ www.melbourne.edu.au \ www.u-tokyo.ac.jp \ www.uonbi.ac.ke \ www.puc-rio.br \ web.mit.edu \ www.cam.ac.uk A good selection of sites near and far should nicely demonstrate out-of-order replies. If you don't flush the cache first then you'll get the answers in an effectively random order. For years I have used `adns` for bulk concurrent queries, and it's really good at pipelining queries over a TCP connection. > The other is about [DNSCOOKIE]. Dunno this one I'm afraid. Tony. -- f.anthony.n.finchhttp://dotat.at/ a fair, free and open society ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
how to verify Pipelined TCP and DNSCOOKIE
Hi,there. Please someone help me. I am currently verifying the function of BIND 9.11, but I am in two troubles. 1. I don't know how to confirm [Pipelined TCP queries(RFC7766)]. Specifically, please tell me if there is a method to check with the command such as dig for the server on which BIND 9.11 is running. 2. The other is about [DNSCOOKIE]. Querying servers with DNSCOOKIE enabled / disabled with dig (bind 9. 11.4),it is always displayed as DNSCOOKIE: x (good). Why does it appear as good even if I query the server with DNSCOOKIE disabled? Also,please tell me if you know a command that will cause DNSCOOKIE to fail (ie, other than good is displayed). Thank you. -- Sent from: http://bind-users-forum.2342410.n4.nabble.com/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
how to verify Pipelined TCP and DNSCOOKIE
Hi,there. Please someone help me. I am currently verifying the function of BIND 9.11, but I am in two troubles. 1. I don't know how to confirm [Pipelined TCP queries(RFC7766)]. Specifically, please tell me if there is a method to check with the command such as dig for the server on which BIND 9.11 is running. 2. The other is about [DNSCOOKIE]. Querying servers with DNSCOOKIE enabled / disabled with dig (bind 9. 11.4),it is always displayed as DNSCOOKIE: x (good). Why does it appear as good even if I query the server with DNSCOOKIE disabled? Also,please tell me if you know a command that will cause DNSCOOKIE to fail (ie, other than good is displayed). Thank you. -- Sent from: http://bind-users-forum.2342410.n4.nabble.com/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
