[167425] in North American Network Operators' Group


Best practice on TCP replies for ANY queries

daemon@ATHENA.MIT.EDU (Anurag Bhatia)
Wed Dec 11 13:07:34 2013

From: Anurag Bhatia <me@anuragbhatia.com>
Date: Wed, 11 Dec 2013 23:36:36 +0530
To: NANOG Mailing List <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Hello everyone


I noticed some issues on one of the DNS servers I am managing. It was getting
queries for a couple of attacking domains and the server was replying in TCP with
3700 bytes, releasing very heavy packets. Now I see the presence of some
(legitimate) DNS forwarders and hence I don't wish to limit queries.


As I understand it, there are two ways to fix this:


   1. I can put a DNS rate limit on replies to ANY packets, like say 5 replies
   every one minute (but again I have some forwarders with quite a few
   machines behind them).

   2. The other way is limiting TCP port 53 outbound size ... limiting to say
   600-700 bytes or so.



I am sure I am not the first person experiencing this issue. Curious to hear
how you are managing it. Also, under what circumstances can I get a
legitimate TCP query on port 53 whose reply exceeds a basic limit of less
than 1000 bytes?
Thanks.

-- 


Anurag Bhatia
anuragbhatia.com

LinkedIn <http://in.linkedin.com/in/anuragbhatia21> |
Twitter <https://twitter.com/anurag_bhatia>
Skype: anuragbhatia.com
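The first option in the post (rate-limit ANY replies per client, with the complication that legitimate forwarders sit in front of many machines) can be modelled as a per-source sliding-window limiter with an exemption list, plus a flag for answers over the size threshold the post mentions. The code below is an added example written for this archive page; it is not from the original post, from NANOG, or from any DNS server's own rate-limiting implementation. The log record format, the timestamps, the addresses (RFC 5737 documentation ranges) and the exempt forwarder prefix are all constructed for the example; the 5-per-minute and 1000-byte thresholds are the figures from the post.

```python
"""Sliding-window rate limiter for DNS ANY answers, keyed on client source
address, with an exemption list for known forwarders and an oversize flag.
Added example: the log format and all addresses below are constructed."""
from collections import defaultdict, deque
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Query:
    ts: float          # seconds (constructed values, not real epoch times)
    client: str        # source IP of the query
    qname: str
    qtype: str         # e.g. "A", "ANY"
    proto: str         # "udp" or "tcp"
    resp_bytes: int    # size of the answer the server would send


def parse_line(line: str) -> Query:
    """Parse one whitespace-separated record: ts client qname qtype proto bytes.
    This is a constructed format for the example, not any real server's log."""
    ts, client, qname, qtype, proto, size = line.split()
    return Query(float(ts), client, qname, qtype.upper(), proto.lower(), int(size))


class AnyRateLimiter:
    """Allow at most max_per_window ANY answers per client per window_s seconds.
    Clients inside exempt_nets (forwarders) are never limited, only observed."""

    def __init__(self, max_per_window=5, window_s=60.0, exempt_nets=(), size_warn=1000):
        self.max_per_window = max_per_window
        self.window_s = window_s
        self.exempt_nets = [ip_network(n) for n in exempt_nets]
        self.size_warn = size_warn
        self.history = defaultdict(deque)   # client -> timestamps of ANY answers sent

    def is_exempt(self, client: str) -> bool:
        addr = ip_address(client)
        return any(addr in net for net in self.exempt_nets)

    def decide(self, q: Query):
        """Return (decision, oversized): decision is allow, exempt or drop."""
        oversized = q.resp_bytes > self.size_warn
        if q.qtype != "ANY":
            return "allow", oversized           # only ANY answers are limited
        if self.is_exempt(q.client):
            return "exempt", oversized          # forwarder: count it, never drop it
        window = self.history[q.client]
        while window and q.ts - window[0] >= self.window_s:
            window.popleft()                    # slide the window forward
        if len(window) >= self.max_per_window:
            return "drop", oversized            # budget for this minute exhausted
        window.append(q.ts)
        return "allow", oversized


def run(lines, limiter: AnyRateLimiter):
    """Apply the limiter to log records; return decision counts and the clients
    that were actually sent an answer above the size threshold."""
    counts = defaultdict(int)
    oversized_clients = set()
    for line in lines:
        q = parse_line(line)
        decision, oversized = limiter.decide(q)
        counts[decision] += 1
        if oversized and decision != "drop":
            oversized_clients.add(q.client)
    return dict(counts), sorted(oversized_clients)


# Constructed sample: one abusive source sending ANY over TCP, one forwarder
# on an exempt prefix doing the same legitimately, and one ordinary client.
SAMPLE_LOG = (
    [f"{1000 + i}.0 198.51.100.5 example.com ANY tcp 3700" for i in range(8)]
    + ["1070.0 198.51.100.5 example.com ANY tcp 3700"]       # next window: allowed again
    + [f"{1010 + i}.0 203.0.113.10 example.com ANY tcp 3700" for i in range(6)]
    + ["1020.0 192.0.2.9 example.com A udp 120",
       "1021.0 192.0.2.9 example.com ANY udp 900"]
)


def demo():
    limiter = AnyRateLimiter(max_per_window=5, window_s=60.0,
                             exempt_nets=["203.0.113.0/24"])   # constructed forwarder prefix
    return run(SAMPLE_LOG, limiter)


if __name__ == "__main__":
    counts, oversized = demo()
    print(counts)                 # {'allow': 8, 'drop': 3, 'exempt': 6}
    print(oversized)              # ['198.51.100.5', '203.0.113.10']
```

The exemption list is what keeps the forwarder case in the post from being collapsed into the abusive one: the forwarder still shows up in the oversize report, so an operator can see which exempt sources are producing 3700-byte answers without having dropped any of their traffic.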
