[176179] in North American Network Operators' Group


Re: DNS Lookup - Filter "localhost"

daemon@ATHENA.MIT.EDU (Anders Löwinger)
Mon Nov 17 18:49:12 2014

X-Original-To: nanog@nanog.org
Date: Mon, 17 Nov 2014 23:49:00 +0100
From: Anders Löwinger <anders@abundo.se>
To: nanog@nanog.org
In-Reply-To: <546A7159.90806@satchell.net>
Errors-To: nanog-bounces@nanog.org

>> 4. Do you block non-UDP DNS requests or rate-limit requests?
> 
> Yes

Why?  RFC5966 DNS Transport over TCP - Implementation Requirements

You make it very hard for DNSSEC.

>> 5. Anything else you block/filter on your DNS servers?
> 
> block fragmented packets

Why? You then block EDNS0, which DNSSEC uses. (UDP packets up to 4096 bytes,
then TCP)


/Anders
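
An added illustration, not part of the message above: a DNSSEC-style query carrying an EDNS0 OPT record that advertises a 4096-byte UDP buffer, plus a simplified model of what happens to the answer when fragments are dropped or TCP is blocked. The function names, the 1500-byte path MTU, the timeout-then-TCP fallback and the response sizes are assumptions made for the example.

```python
import struct

IP_UDP_OVERHEAD = 28  # IPv4 header (20 bytes) + UDP header (8 bytes)

def build_query(name, qtype=48, udp_size=4096, dnssec_ok=True, txid=0x1234):
    """DNS query (default qtype 48 = DNSKEY) carrying an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.split(".") if l) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, type 41, CLASS = UDP payload size, TTL carries the DO bit
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0x8000 if dnssec_ok else 0, 0)
    return header + question + opt

def parse_edns(query):
    """Return (advertised UDP size, DO bit) from a query built as above."""
    pos = 12
    while query[pos]:              # skip uncompressed QNAME labels
        pos += query[pos] + 1
    pos += 1 + 4                   # terminating zero, QTYPE, QCLASS
    rtype, udp_size, ttl, _ = struct.unpack("!HHIH", query[pos + 1:pos + 11])
    if rtype != 41:
        raise ValueError("no OPT record")
    return udp_size, bool(ttl & 0x8000)

def delivery(response_len, advertised=4096, path_mtu=1500,
             drop_fragments=False, block_tcp=False):
    """Simplified model of how a response of response_len bytes arrives."""
    if response_len > advertised:
        # server sets TC=1; the client must repeat the query over TCP
        return "fail" if block_tcp else "tcp-retry"
    if response_len + IP_UDP_OVERHEAD <= path_mtu:
        return "udp"
    if not drop_fragments:
        return "udp-fragmented"
    # fragments never arrive; assume the client times out and falls back to TCP
    return "fail" if block_tcp else "tcp-retry"

if __name__ == "__main__":
    q = build_query("example.com")
    print(len(q), parse_edns(q))
    for size in (1200, 2800, 5000):   # constructed response sizes
        print(size, delivery(size), delivery(size, drop_fragments=True, block_tcp=True))
```

With both filters from the quoted answers in place, every response too large for a single unfragmented packet ends in "fail", which is the DNSSEC breakage the reply points at.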

