On 29. 03. 23 13:03, Dave Lawrence wrote:
> Peter DeVries via dns-operations writes:
>>> Another relevant draft:
>>> https://datatracker.ietf.org/doc/html/rfc8906
>> Not sure how, it doesn't address _. as a use case at all and I only
>> see testing for minimal EDNS not minimal qname.
>
> The journey of that document was with, essentially, No Response
> Considered Harmful. While it does go over many specific examples, the
> thrust of it from the Introduction is that not responding to
> legitimate queries is an ambiguous signal that burdens the DNS
> ecosystem even more.

That's right.

Well-behaved DNS resolvers might assume that a timeout indicates that the
server is not keeping up, and that the resolver should try another server or
enable throttling for a given non-responsive server (in an attempt to
help the server keep up with the load).

In other words, dropping queries from resolvers might/will cause
legitimate clients to not get timely answers, but attackers will not
care and will continue flooding the resolver.

Artificial timeouts also wreak havoc on some RTT estimation approaches etc.

Thus
=> RFC 8906 => It's A Bad Idea To Drop Queries.

--
Petr Špaček
Internet Systems Consortium