> On 14 Mar 2022, at 18:49, Mark Delany <[email protected]> wrote:
> 
> For reference: https://datatracker.ietf.org/doc/html/rfc7873#section-5.4
> 
> Over the last couple of months I've been purposely tracking "Querying for a Server Cookie"
> as described in the link above.
> 
> And I have seen zero such queries. Nada. Zilch. Nothinkski.
> 
> As best I can tell, "dig" is incapable of issuing such a query so one presumes that even
> ISC don't think it a very important use-case even tho their name is on the RFC.
> 
> Furthermore, my DNS decoder of choice (github.com/miekg/dns) discards inbound queries with
> QD!=1 (but it at least offers an escape hatch which I used for the aforementioned
> tracking).
> 
> In short, QD=0 is an odd query which is not well supported. Furthermore, I suspect that
> most middleware and some firewalls are going to drop them with prejudice, all of which
> means that a #5.4 query has a number of barriers to overcome.
> 
> But zero such queries after watching for months? That's surprising. I'm obviously
> suspicious of my tracking code, but I've checked as best I can.
> 
> Two questions: a) Are there known #5.4 implementations out there? b) Have others seen
> such queries in the wild?

Dig with the right arguments can make such queries.

[ant-3375:~/git/bind9] marka% dig +header-only +qr 

; <<>> DiG 9.17.22 <<>> +header-only +qr
;; global options: +cmd
;; Sending:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4563
;; flags: rd ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 3287f6d53f729366
;; QUESTION SECTION:

;; QUERY SIZE: 35

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4563
;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 3287f6d53f72936601000000622efc5c2711df6261e3a30d (good)
;; Query time: 0 msec
;; SERVER: ::1#53(::1) (UDP)
;; WHEN: Mon Mar 14 19:27:08 AEDT 2022
;; MSG SIZE  rcvd: 51

[ant-3375:~/git/bind9] marka% 


> I guess a final question: Are DNS Cookies considered BCP and thus I should be expecting
> #5.4 queries now or in the near future? I've read a few dissenting views is why I ask.
> 
> 
> Mark.
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: [email protected]
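
Added example, not part of the original message and not code from BIND or miekg/dns: a stdlib-only Python example of the tracking discussed above. It builds the header-only COOKIE message that dig sent (RFC 7873 section 5.4) and classifies raw DNS messages as such a query or response. The function names are assumptions; the message id and cookie values are taken from the dig run above.

```python
import struct

OPT, COOKIE = 41, 10  # OPT RR type (RFC 6891) and COOKIE option code (RFC 7873)

def build_cookie_msg(msg_id, cookie, flags=0x0120, udp_size=1232):
    """Header-only message (QDCOUNT=0) with one OPT RR carrying a COOKIE option."""
    if not (len(cookie) == 8 or 16 <= len(cookie) <= 40):
        raise ValueError("cookie is 8 bytes (client) or 16-40 (client+server)")
    header = struct.pack("!6H", msg_id, flags, 0, 0, 0, 1)
    option = struct.pack("!HH", COOKIE, len(cookie)) + cookie
    # Root owner name, TYPE=OPT, CLASS=UDP payload size, TTL=0, RDLENGTH
    return header + b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, len(option)) + option

def _skip_name(msg, pos):
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:      # a compression pointer ends the name
            return pos + 2
        pos += 1 + length
        if length == 0:                # root label ends the name
            return pos

def classify(msg):
    """Return (kind, client_cookie_hex, server_cookie_hex), or None if not a 5.4 message."""
    try:
        _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
        if (flags >> 11) & 0xF or qd or an or ns:   # opcode QUERY, additional section only
            return None
        pos = 12
        for _ in range(ar):
            pos = _skip_name(msg, pos)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, pos)
            pos, end = pos + 10, pos + 10 + rdlen
            if end > len(msg):
                return None
            while rtype == OPT and pos + 4 <= end:
                code, olen = struct.unpack_from("!HH", msg, pos)
                data = msg[pos + 4:min(pos + 4 + olen, end)]
                if code == COOKIE and len(data) == olen and (olen == 8 or 16 <= olen <= 40):
                    return ("response" if flags & 0x8000 else "query",
                            data[:8].hex(), data[8:].hex())
                pos += 4 + olen
            pos = end
    except (struct.error, IndexError):  # truncated or malformed message
        return None
    return None

if __name__ == "__main__":
    q = build_cookie_msg(4563, bytes.fromhex("3287f6d53f729366"))  # values from the dig run
    print(len(q), classify(q))
```

Built this way, the query is 35 bytes and a response carrying the 24-byte cookie is 51 bytes, matching the QUERY SIZE and MSG SIZE lines dig printed.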

