> On Dec 4, 2019, at 4:05 PM, Paul Vixie <[email protected]> wrote:
>
> Wessels, Duane wrote on 2019-12-04 14:22:
>> ...
>> DNS messages over TCP are in no way guaranteed to arrive in single
>> segments. In fact, a clever attacker might attempt to hide certain
>> messages by forcing them over very small TCP segments. Applications
>> that capture network packets (e.g., with libpcap [libpcap]) SHOULD be
>> prepared to implement and perform full TCP segment reassembly.
>> dnscap [dnscap] is an open-source example of a DNS logging program
>> that implements TCP reassembly.
>> Developers SHOULD also keep in mind connection reuse, query
>> pipelining, and out-of-order responses when building and testing DNS
>> monitoring applications.
>
> i suggest a reference to 'dnstap' here, as a server-integrated monitoring
> protocol intended to facilitate wide scale dns monitoring.
Done:

As an alternative to packet capture, some DNS server software supports dnstap [dnstap] as an integrated monitoring protocol intended to facilitate wide-scale DNS monitoring.

DW
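As an added illustration (not part of this thread, and not code from dnscap or dnstap), here is a minimal Python reassembler of the kind the quoted paragraph calls for: it rebuilds length-prefixed DNS messages from arbitrarily small TCP segments on a reused connection and pairs pipelined, out-of-order responses with their queries by message ID. The segment size, message IDs and query names are constructed test data.

```python
import struct

class DnsTcpStream:
    """One direction of a TCP connection. DNS over TCP prefixes each message with
    a 2-byte length (RFC 1035 4.2.2); segment boundaries are arbitrary, so a message
    or its length prefix may span segments, and pipelined messages may share one."""
    def __init__(self):
        self.buf = bytearray()

    def feed(self, segment: bytes) -> list:
        """Append one segment payload; return every now-complete message."""
        self.buf += segment
        msgs = []
        while len(self.buf) >= 2:
            (length,) = struct.unpack("!H", self.buf[:2])
            if len(self.buf) < 2 + length:
                break  # tail of this message has not arrived yet
            msgs.append(bytes(self.buf[2:2 + length]))
            del self.buf[:2 + length]
        return msgs

def build_message(msg_id: int, qname: str, response: bool) -> bytes:
    """Minimal one-question A/IN DNS message (constructed test data)."""
    flags = 0x8180 if response else 0x0100
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(lab)]) + lab.encode() for lab in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def pair_responses(queries: list, responses: list) -> dict:
    """Match responses to queries by ID, so out-of-order answers still pair up."""
    pending = {struct.unpack("!H", q[:2])[0]: q for q in queries}
    matched = {}
    for r in responses:
        rid = struct.unpack("!H", r[:2])[0]
        if rid in pending:
            matched[rid] = (pending.pop(rid), r)
    return matched

def demo(chunk: int = 3):
    """Two pipelined queries, answered out of order, delivered in tiny segments."""
    q1 = build_message(0x1111, "example.com", False)
    q2 = build_message(0x2222, "example.net", False)
    r2 = build_message(0x2222, "example.net", True)  # server answers q2 first
    r1 = build_message(0x1111, "example.com", True)
    c2s = b"".join(struct.pack("!H", len(m)) + m for m in (q1, q2))
    s2c = b"".join(struct.pack("!H", len(m)) + m for m in (r2, r1))
    cs, ss = DnsTcpStream(), DnsTcpStream()
    queries = [m for i in range(0, len(c2s), chunk) for m in cs.feed(c2s[i:i + chunk])]
    responses = [m for i in range(0, len(s2c), chunk) for m in ss.feed(s2c[i:i + chunk])]
    return queries, responses, pair_responses(queries, responses)
```

A capture tool that treated each segment as one message would, at chunk size 3, see no valid DNS message at all; the per-connection buffer is what makes the two queries and two responses recoverable.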
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
