[168357] in North American Network Operators' Group
Re: "trivial" changes to DNS (was: OpenNTPProject.org)
daemon@ATHENA.MIT.EDU (Jared Mauch)
Wed Jan 22 21:23:28 2014
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <alpine.LSU.2.00.1401171144100.13642@hermes-2.csi.cam.ac.uk>
Date: Wed, 22 Jan 2014 21:23:05 -0500
To: Tony Finch <dot@dotat.at>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 17, 2014, at 6:44 AM, Tony Finch <dot@dotat.at> wrote:
> Jared Mauch <jared@puck.Nether.net> wrote:
>>
>> I can point anyone interested to the place in the
>> bind source to force it to reply to all UDP queries with TC=1
>> to force TCP. should be safe on any authority servers, as a recursive
>> server should be able to do outbound TCP.
>
> However see http://www.potaroo.net/ispcol/2013-09/dnstcp.html
Yes, I’m aware of the excellent work by Geoff on this topic. There are many
things that could be done, including the nonce (or similar) approach NTP
took with MONLIST vs MRULIST.
Perhaps it’s something like this:
http://tools.ietf.org/html/draft-eastlake-dnsext-cookies-03
- Jared
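
The TC=1 reply discussed in the quoted text, sketched as an added example that is not part of the original message and is not BIND's code: it builds the truncated response a UDP listener would send, which is never larger than the query and so gives a spoofed-source sender no amplification. The function names and the sample query are constructed for illustration.

```python
import struct

FLAG_QR, FLAG_TC, FLAG_RD = 0x8000, 0x0200, 0x0100
OPCODE_MASK = 0x7800

def question_end(msg, off=12):
    """Offset just past the first question (QNAME, QTYPE, QCLASS)."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        off += length
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    return off + 4

def truncated_reply(query):
    """Build a TC=1 response with no records, echoing only the question."""
    if len(query) < 12:
        raise ValueError("short header")
    qid, flags, qdcount, _, _, _ = struct.unpack("!6H", query[:12])
    if flags & FLAG_QR:
        raise ValueError("not a query")  # never reply to responses
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    end = question_end(query)
    # Keep opcode and RD from the query; set QR and TC; RCODE stays 0.
    rflags = FLAG_QR | FLAG_TC | (flags & (OPCODE_MASK | FLAG_RD))
    return struct.pack("!6H", qid, rflags, 1, 0, 0, 0) + query[12:end]

def build_sample_query():
    """Constructed sample: ANY query for example.com with an EDNS0 OPT record."""
    qname = b"".join(bytes([len(l)]) + l for l in (b"example", b"com")) + b"\x00"
    question = qname + struct.pack("!2H", 255, 1)         # QTYPE=ANY, QCLASS=IN
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)  # advertises 4096-byte UDP
    return struct.pack("!6H", 0x1234, FLAG_RD, 1, 0, 0, 1) + question + opt

if __name__ == "__main__":
    q = build_sample_query()
    r = truncated_reply(q)
    print(len(q), len(r), hex(struct.unpack("!H", r[2:4])[0]))
```

A resolver that receives this reply retries the same question over TCP, where the handshake proves the source address before any large answer is sent.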