Hi Peter
On Mon, Jan 21, 2019 at 11:22:00AM +0100, Peter van Dijk wrote:
> The draft doubles the number of packets involved in a legitimate
> exchange; it more than doubles the number of packets involved in a
> spoofed exchange. About half of these packets are ICMP
> packets. Without the draft, ICMP packets are useful debugging aids,
> and in big numbers, indications of attacks or operational
> problems. With the draft, ICMP becomes another useless source of
> background noise.
I had implemented the draft about a year ago as a server-side patch for
BIND so that it could be tried/tested. But I was not aware of the ICMP
issue that you mentioned. Today I looked at a packet capture with an ATR
response and sure enough, the 2nd truncated response generates an ICMP
message from the recipient. I agree that this would be noisy.
Mukund
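The behaviour Mukund describes, reproduced over loopback with plain UDP sockets as an added example (this is not code from the thread or from the BIND patch it mentions): the resolver takes the full answer and closes its port, so the delayed ATR truncated response lands on a closed port and draws an ICMP port unreachable. The payloads are constructed stand-ins, not real DNS messages; the server socket is connected so that the kernel reports the ICMP to the application (assumes Linux), whereas a real authoritative server on an unconnected socket would see it only on the wire.

```python
import socket
import time

# Constructed stand-ins for DNS messages; only the socket behaviour matters here.
QUERY = b"query"
FULL_RESPONSE = b"full-response-with-all-rrs"
TRUNCATED_RESPONSE = b"truncated-response-tc=1"


def query_and_observe_icmp(atr: bool, host: str = "127.0.0.1",
                           atr_delay: float = 0.01) -> bool:
    """Run one UDP exchange over loopback and report whether the server side
    observed an ICMP port unreachable. With atr=True the server also sends the
    ATR-style second, truncated response after the resolver has already
    accepted the full answer and closed its socket."""
    resolver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    resolver.bind((host, 0))
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind((host, 0))
    # A connected UDP socket makes the kernel surface the ICMP error to the
    # application as ECONNREFUSED on the next socket operation (Linux).
    server.connect(resolver.getsockname())
    server.settimeout(0.5)
    try:
        resolver.sendto(QUERY, server.getsockname())
        server.recv(512)
        server.send(FULL_RESPONSE)
        resolver.recv(4096)
        resolver.close()  # resolver has its answer; its port is now closed
        if atr:
            time.sleep(atr_delay)            # ATR delays the second response
            server.send(TRUNCATED_RESPONSE)  # arrives at a closed port
            time.sleep(0.1)                  # let the ICMP come back
        try:
            server.recv(512)
        except ConnectionRefusedError:
            return True   # ICMP port unreachable was reported to the server
        except socket.timeout:
            return False  # nothing came back: no ICMP generated
        return False
    finally:
        server.close()
        resolver.close()
```

Running it with atr=False shows the baseline exchange produces no ICMP at all; only the ATR second response adds the extra ICMP packet per legitimate query.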
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop