But you can return FORMERR. That said, Microsoft used two bytes at the end of
an AXFR request to signal multi record messages were accepted. These days it
should be an EDNS option.
--
Mark Andrews
> On 27 May 2022, at 11:59, Frank Habicht wrote:
>
> On 26/05/2022 22:37, John Levine
On 26/05/2022 22:37, John Levine wrote:
It appears that Brown, William said:
It made sense 40 years ago when it was written. In today’s security
environment, it does not.
It made sense and still makes sense when you know what Postel meant.
Be liberal in what you accept when
ot
accept any random garbage and try to guess what it means.
R's,
John
>From: P Vixie
>Sent: Thursday, May 26, 2022 11:23 AM
>To: Stephane Bortzmeyer
>Cc: dns-operations@lists.dns-oarc.net
>Subject: Re: [dns-operations] DNS request for ./NS with two extra bytes at the
>end
It made sense 40 years ago when it was written. In today’s security
environment, it does not.
From: P Vixie
Sent: Thursday, May 26, 2022 11:23 AM
To: Stephane Bortzmeyer
Cc: dns-operations@lists.dns-oarc.net
Subject: Re: [dns-operations] DNS request for ./NS with two extra bytes at the
end
--- Begin Message ---
The robustness principle is diametrically wrong. We must be ultra conservative
in what we accept, to put back pressure on silly bugs before they can gain
market share.
On May 25, 2022, 22:58, at 22:58, Stephane Bortzmeyer wrote:
>[This has no
I’ve not looked for these, but will look now…
The additional two bytes seem to be the identifier in the DNS header, plus
one, based on the two messages in the PCAP sample.
Roy
> On 26 May 2022, at 06:40, Stephane Bortzmeyer wrote:
>
> [This has no operational consequences, it is just idle
[This has no operational consequences, it is just idle curiosity.]
A server receives a few packets/second coming from several IP
addresses and querying ./NS (like in priming, or maybe in some
reflection attacks). The server was never a root server, of course.
What is interesting is that all