[167426] in North American Network Operators' Group
Re: Best practice on TCP replies for ANY queries
daemon@ATHENA.MIT.EDU (ML)
Wed Dec 11 13:19:56 2013
Date: Wed, 11 Dec 2013 13:19:35 -0500
From: ML <ml@kenweb.org>
To: nanog@nanog.org
In-Reply-To: <CAJ0+aXZ5kC=ngBYdZbK2A+d296uVotdyTHBii4NgJTtbdyGhDw@mail.gmail.com>
Reply-To: ml@kenweb.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 12/11/2013 1:06 PM, Anurag Bhatia wrote:
>
> I am sure I am not the first person experiencing this issue. Curious to hear
> how you are managing it. Also, under what circumstances can I get a
> legitimate TCP query on port 53 whose reply exceeds a basic limit of less
> than 1000 bytes?
>
I'm not a DNS guru so I don't have an exact answer. However, my gut
feeling is that putting in place a rule to drop or rate limit DNS
replies greater than X bytes is probably going to come back to bite you
in the future.
No one can predict the future of what will constitute legitimate DNS
traffic.