On Nov 22, 2018, at 08:38, A. Schulze via Unbound-users <unbound-users@nlnetlabs.nl> wrote:
> ѽ҉ᶬḳ℠ via Unbound-users: > >> NULL records on the other hand should perhaps not be cached, or even >> permitted for queries, considering https://tools.ietf.org/html/rfc1035 > > interesting, that may break signaling trust anchor knowledge > https://tools.ietf.org/html/rfc8145#section-5.1 Killing 8145 might be considered a public service :-) I happened to hear from some DNS operators at some mobile carriers the other day who are scratching their heads about DNS tunnelling; they zero-rate DNS traffic for a variety of sensible reasons, but some of their more cunning customers have noticed that if they stop caring so much about performance, zero-rating DNS traffic can be turned into zero-rated mobile data. It sounds like outlier identification (to find the unusually talkative mobile terminals) and rate-limiting (to make tunnelling painful without stamping too hard on DNS resolution) are the tools people have to work with. It might be nice if there were some convenient recipes for tuning unbound to do that kind of thing (from the perspective of the DNS operator/carrier, I guess, not the mobile terminal user). Joe
