[nsd-users] Unexpected responses to ANY queries over TCP

Tuomo Soini tis at foobar.fi
Thu May 7 20:11:20 UTC 2020

On Thu, 7 May 2020 14:48:25 +0200
Anand Buddhdev <anandb at ripe.net> wrote:

> You are wrong. DNS amplification attacks cannot be done over TCP.

You missed the point.

If authoritative answers over tcp with any data, resolver dns can
answer to victim with udp.

So at authoritative it is important not to answer to any.

Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>

More information about the nsd-users mailing list