22 Jan 2014, 9:23 p.m.
On Jan 17, 2014, at 6:44 AM, Tony Finch <dot@dotat.at> wrote:

> Jared Mauch <jared@puck.Nether.net> wrote:
>
>> I can point anyone interested to the place in the BIND source to force it to reply to all UDP queries with TC=1 to force TCP. Should be safe on any authority servers, as a recursive server should be able to do outbound TCP.
>
> However see http://www.potaroo.net/ispcol/2013-09/dnstcp.html

Yes, I’m aware of the excellent work by Geoff on this topic. There are many things that could be done, including the nonce (or similar) approach NTP took with MONLIST vs MRULIST. Perhaps it’s something like this: http://tools.ietf.org/html/draft-eastlake-dnsext-cookies-03

- Jared
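
The TC=1 behaviour discussed in this thread, sketched as an added example (not code from the original messages and not BIND's implementation): given a UDP query's wire bytes, it builds a header-plus-question reply with the truncation bit set, so the reply is never larger than the query that triggered it. The function names and the sample query are constructed for illustration.

```python
import struct

# DNS header flag bits (RFC 1035)
QR, TC, RD, OPCODE_MASK = 0x8000, 0x0200, 0x0100, 0x7800

def build_query(qid, name, qtype=1, qclass=1):
    """Constructed sample input: a one-question query with RD set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", qtype, qclass)

def question_end(msg):
    """Offset just past the first question; ValueError if malformed."""
    off = 12
    while True:
        if off >= len(msg):
            raise ValueError("truncated QNAME")
        n = msg[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("pointer or reserved label type in query")
        off += n
    if off + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    return off + 4

def truncated_reply(query):
    """Hypothetical helper: TC=1 reply echoing only the question, or None to drop."""
    if len(query) < 12:
        return None
    qid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    if flags & QR or qdcount != 1:
        return None  # never answer a response: avoids reflection loops
    try:
        end = question_end(query)
    except ValueError:
        return None
    # Keep opcode and RD from the query; no answer, authority or additional
    # records, so an EDNS OPT record in the query is not echoed back.
    out_flags = QR | TC | (flags & (OPCODE_MASK | RD))
    return struct.pack("!HHHHHH", qid, out_flags, 1, 0, 0, 0) + query[12:end]

if __name__ == "__main__":
    q = build_query(0x1234, "example.com", qtype=255)
    r = truncated_reply(q)
    print(len(q), len(r), hex(int.from_bytes(r[2:4], "big")))
```

A resolver that sees TC=1 retries over TCP, where the three-way handshake confirms the source address before any large answer is sent.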