Hello,
I have set up a nameserver and I would like to force all future client
requests to TCP only.
Essentially, one scenario would be for all UDP requests to be countered
with a packet that has the TC bit set so the connection
is retried via TCP. I want this rule to be applicable to all incoming
requests, with no actual data exchange
via UDP, even for a simple dig request. I tried achieving this with the
following 2 strategies but with no success:
1. set split value to 1 (in the rate-limit argument in named.conf.options)
2. I also tried to set up a response policy zone. I added the following
in named.conf.options:
response-policy {
zone "rpz.example.com" policy tcp-only;
};
and the appropriate CNAME record for rpz-tcp-only. in rpz.example.com.
Neither worked out.
I know this scenario is not compliant with standard DNS; it is only an
experimental setup.
I am using bind 9.16.1 and the OS is Ubuntu 20.04.
If anyone has ideas on how to achieve this with bind, it would be very
helpful.
Best Regards,
Donika Mirdita
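A small probe for the behaviour asked about above, added here as an example and not part of the original mail: it sends a plain UDP query, reads the TC bit from the 12-byte header, and, when TC is set, retries the same question over TCP the way a compliant stub resolver would. The server address and query name are placeholders to be replaced with the experimental nameserver under test.

```python
import socket
import struct

TC_BIT = 0x0200  # header flag bit 9: TrunCation (RFC 1035 section 4.1.1)

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Minimal DNS query: RD=1, one question, QCLASS IN, no EDNS."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)

def parse_flags(response: bytes) -> dict:
    """Return the header fields a client needs to decide on TCP fallback."""
    if len(response) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags = struct.unpack(">HH", response[:4])
    return {"id": txid, "qr": bool(flags & 0x8000),
            "tc": bool(flags & TC_BIT), "rcode": flags & 0x000F}

def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TCP stream closed early")
        buf += chunk
    return buf

def query(server: str, name: str, tcp: bool, timeout: float = 2.0) -> bytes:
    """Send one query over UDP or TCP (TCP frames messages with a 2-byte length)."""
    q = build_query(name)
    if not tcp:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(q, (server, 53))
            return s.recvfrom(4096)[0]
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack(">H", len(q)) + q)
        (length,) = struct.unpack(">H", _recv_exact(s, 2))
        return _recv_exact(s, length)

def check_tcp_fallback(server: str, name: str) -> dict:
    """Probe over UDP; if TC is set, retry over TCP like a compliant stub."""
    udp = parse_flags(query(server, name, tcp=False))
    result = {"udp_tc": udp["tc"], "tcp_rcode": None}
    if udp["tc"]:
        result["tcp_rcode"] = parse_flags(query(server, name, tcp=True))["rcode"]
    return result
```

Running `check_tcp_fallback("127.0.0.1", "www.example.com")` against the experimental server (placeholder address and name) returns `udp_tc: True` only when the UDP answer really carried the TC bit, which distinguishes a working TCP-only setup from a dropped or normally answered query.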
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users