On Fri, 28 Sep 2012 09:44:39 +0200 bert hubert <[email protected]> wrote:
> This allows us to test for two-way communications without using
> truncated packets or TCP.
>
> We could encode the encrypt the correct destination in the CNAME, for
> A and AAAA this is trivial. If you come back to resolve
> encoded-12.32.43.43.attackeddomain.com, you get 12.32.43.43 etc. For
> extra resilience encrypt it.
>
> I did not think this through too deeply, but what do people think?

Why would this, or other similar proposals, be more preferable than just sending back truncated packets to signal for TCP? This latter approach has been widely used in network gear over the years with a fair amount of success, and now thanks to Paul and Vern's work, seems to be a promising feature in the application itself.

John
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
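The truncation approach discussed in this message, as an added example that is not part of the original thread or of any DNS server's code: a server answers a suspect UDP query with an empty reply that has the TC bit set, so a spoofed victim receives nothing larger than the query while a genuine resolver retries over TCP. The function names and the sample query are hypothetical and constructed for illustration.

```python
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
QR, TC, RD, OPCODE_MASK = 0x8000, 0x0200, 0x0100, 0x7800

def question_end(msg: bytes) -> int:
    """Return the offset just past the first question (QNAME, QTYPE, QCLASS)."""
    pos = 12
    while True:
        if pos >= len(msg):
            raise ValueError("QNAME runs past end of message")
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("compression pointer or invalid label in question")
        pos += 1 + length
        if length == 0:          # root label terminates the name
            break
    if pos + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    return pos + 4

def truncated_reply(query: bytes) -> bytes:
    """Build an answerless TC=1 reply that echoes only the ID and question."""
    if len(query) < 12:
        raise ValueError("short header")
    qid, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", query[:12])
    if flags & QR or qdcount != 1:
        raise ValueError("not a single-question query")
    end = question_end(query)
    # Keep the opcode and RD from the query; drop every record section,
    # including any EDNS OPT record, so the reply never exceeds the query.
    out_flags = QR | TC | (flags & (OPCODE_MASK | RD))
    return struct.pack("!6H", qid, out_flags, 1, 0, 0, 0) + query[12:end]

def build_query(qid: int, name: str, qtype: int = 1, edns: bool = False) -> bytes:
    """Constructed sample query (assumption: class IN, RD set)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    msg = struct.pack("!6H", qid, RD, 1, 0, 0, 1 if edns else 0)
    msg += qname + struct.pack("!2H", qtype, 1)
    if edns:                     # OPT pseudo-record advertising a 4096-byte buffer
        msg += b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)
    return msg

if __name__ == "__main__":
    q = build_query(0x1234, "www.example.com", edns=True)
    r = truncated_reply(q)
    print(len(q), "byte query ->", len(r), "byte TC reply:", r.hex())
```
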
