> > done by now. it could have a slightly custom kernel that allowed the
> > server to specify IP.TTL=3 in sendmsg().

It's been pointed out privately that no kernel hacking would be needed:

] From the ip(7) manpage for Linux:
]
]     IP_TTL (since Linux 1.0)
]         Set or retrieve the current time-to-live field that is
]         used in every packet sent from this socket.

FreeBSD 9 and no doubt previous versions of the BSD code have:

}     setsockopt(s, IPPROTO_IP, IP_OPTIONS, NULL, 0);
}
} IP_TOS and IP_TTL may be used to set the type-of-service and time-to-live
} fields in the IP header for SOCK_STREAM, SOCK_DGRAM, and certain types of

That implies that every DNS server implementation with a reasonable
./configure script to check that IP_TTL or whatever is defined could
and I think should by default set IP.TTL=3 on sockets used to send UDP
responses.

If those system calls work on listen() sockets, you could also easily
limit TCP/DNS responses, but only for extra credit.

In BIND you might want to link the IP_TTL setting to the view, which
would add only a very small complication.

My mail logs say that I proposed to BIND honchos using the BSD
setsockopt(IP_TTL) in February. I also wrote:

> it's occurred to me that a tiny IP TTL should be only (or maybe only
> by default) on responses with RD=1.

RD=1 as the trigger might simplify DNS server configuration issues.

My February mail logs also have words from someone unaffiliated with BIND
on another mailing list about the idea.

Vernon Schryver [email protected]

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
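The setsockopt(IP_TTL) mechanism the post describes, together with its suggested RD=1 trigger, as an added example that is not code from the post, from BIND or from any DNS server: a UDP response socket gets IP_TTL=3 when the query it is answering has RD set, and an assumed normal TTL of 64 otherwise. The two 12-byte query headers are constructed sample input; the TTL value 3 comes from the post, the default of 64, the function names and the per-query policy split are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define SHORT_TTL   3    /* value proposed in the post for recursion-desired responses */
#define DEFAULT_TTL 64   /* assumed "normal" TTL for everything else */

/* A DNS header is 12 bytes; RD is the low bit of byte 2 (QR|Opcode(4)|AA|TC|RD).
 * A responder copies RD from the query, so the query header decides the policy. */
int dns_rd_set(const unsigned char *msg, size_t len)
{
    if (len < 12)
        return 0;
    return (msg[2] & 0x01) != 0;
}

/* Policy from the post: tiny TTL only on responses with RD=1. */
int choose_response_ttl(const unsigned char *query, size_t len)
{
    return dns_rd_set(query, len) ? SHORT_TTL : DEFAULT_TTL;
}

/* Per-socket TTL, as in ip(7) on Linux and the BSD setsockopt(IP_TTL). */
int set_socket_ttl(int fd, int ttl)
{
    return setsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, sizeof ttl);
}

/* Read back what the kernel actually stored (a cheap sanity check for a
 * ./configure-style probe); returns -1 on error. */
int get_socket_ttl(int fd)
{
    int ttl = -1;
    socklen_t len = sizeof ttl;
    if (getsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, &len) < 0)
        return -1;
    return ttl;
}

/* Open a UDP socket, apply the policy for one query and return the stored
 * TTL, or -1 if sockets are unavailable (e.g. a restricted sandbox). */
int ttl_applied_for_query(const unsigned char *query, size_t len)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    int got = -1;
    if (set_socket_ttl(fd, choose_response_ttl(query, len)) == 0)
        got = get_socket_ttl(fd);
    close(fd);
    return got;
}

/* Constructed sample query headers: id 0x1234, one question, RD=1 and RD=0. */
const unsigned char QUERY_RD1[12] = {0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0};
const unsigned char QUERY_RD0[12] = {0x12, 0x34, 0x00, 0x00, 0, 1, 0, 0, 0, 0, 0, 0};

int main(void)
{
    printf("RD=1 query -> socket TTL %d\n", ttl_applied_for_query(QUERY_RD1, 12));
    printf("RD=0 query -> socket TTL %d\n", ttl_applied_for_query(QUERY_RD0, 12));
    return 0;
}
```

A real server would keep one socket per policy (or set the option on the response socket right before sendto), since IP_TTL applies to every packet the socket sends afterwards; the read-back through getsockopt is the same check a configure script would do to confirm the option is honoured on the build platform.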
