In message <[email protected]>, Mark Andrews writes:
>
> This is wrong. DNS servers should respond with NOTIMP or FORMERR.
> The actual rcode is implementation dependent. This is not to say
> all will respond. Just don't expect silence.
>
> DNSoD can run over standard UDP port 53 as defined in [RFC1035]. A
> DNS client or server that does not implement this specification will
> not respond to the incoming DTLS packets because they don't parse as
> DNS packets (the DNS Opcode would be 15, which is undefined).

More correctly they don't respond because they are marked as "query
responses" (qr=1) and there is little point telling a responder they
gave a bad response. Opcode 15 and malformed packets are not the
reason for the lack of response.

> e.g.
>
> ; <<>> DiG 9.11.0pre-alpha <<>> +opcode=15 +noedns +header-only +qr +noad
> ;; global options: +cmd
> ;; Sending:
> ;; ->>HEADER<<- opcode: RESERVED15, status: NOERROR, id: 25683
> ;; flags: rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
>
> ;; QUERY SIZE: 12
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: RESERVED15, status: NOTIMP, id: 25683
> ;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Jul 24 01:29:00 EST 2015
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: [email protected]
>
> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
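
Added example, not part of the original message: reading the first 12 bytes of a DTLS record as a DNS header shows both opcode 15 and qr=1, while the header-only dig query above has opcode 15 with qr=0. The `server_reaction` policy and the DTLS sample bytes are constructed assumptions modelled on the message, not any particular server's code.

```python
import struct

def parse_dns_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    return {
        "id": ident,
        "qr": flags >> 15,              # 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,
        "rd": (flags >> 8) & 1,
        "rcode": flags & 0xF,
        "counts": (qd, an, ns, ar),
    }

def server_reaction(packet: bytes) -> str:
    """Hypothetical server policy following the reasoning in the message."""
    try:
        header = parse_dns_header(packet)
    except ValueError:
        return "drop"                   # assumption: runt packets are ignored
    if header["qr"] == 1:
        return "drop"                   # marked as a response: nothing to answer
    if header["opcode"] == 15:
        return "reply NOTIMP"           # rcode is implementation dependent
    return "process"

# Constructed sample: the header-only query from the dig output
# (id 25683, opcode 15, rd set, all section counts zero).
DIG_QUERY = struct.pack("!6H", 25683, (15 << 11) | (1 << 8), 0, 0, 0, 0)

def dtls_record_header(version: int) -> bytes:
    """Constructed 13-byte DTLS record header: handshake (22), epoch 0, seq 0."""
    return (struct.pack("!BHH", 22, version, 0)
            + (0).to_bytes(6, "big")
            + struct.pack("!H", 0))

DTLS_1_0 = dtls_record_header(0xFEFF)
DTLS_1_2 = dtls_record_header(0xFEFD)

if __name__ == "__main__":
    for name, pkt in (("dig", DIG_QUERY), ("dtls1.0", DTLS_1_0), ("dtls1.2", DTLS_1_2)):
        h = parse_dns_header(pkt)
        print(name, "qr=%d opcode=%d ->" % (h["qr"], h["opcode"]), server_reaction(pkt))
```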
