Re: [Asrg] DNS over SCTP (was: Re: DNS-based Email Sender Authentication

ietf-asrg

Re: [Asrg] DNS over SCTP (was: Re: DNS-based Email Sender Authentication Mechanisms: a Critical Review

2009-05-28 13:16:32

from [SM]

At 06:04 28-05-2009, Alessandro Vesely wrote:

Douglas Otis wrote:
Just using TCP would prevent most of the DNS poisoning attacksthat Amir's paper reports.
TCP is prone to DDoS attack.  As such, TCP is seldom used with DNS.
I thought TCP was the default when the UDP message size is notenough. That's, AFAIK, the


It is.  The statement about why TCP is seldom used is incorrect.

   "UDP is not acceptable for zone transfers, but is the recommended
    method for standard queries in the Internet."

UDP is used as the message is generally less than 512 bytes. I'mignoring EDNS0 support. If the message is truncated, a TCP connection is used.


Regards,

-sm

_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: DNS over SCTP, (continued) Re: DNS over SCTP, Douglas Otis Re: DNS over SCTP, David Conrad Re: DNS over SCTP, Masataka Ohta Re: DNS over SCTP, Alessandro Vesely Re: DNS over SCTP, Michael Tüxen Re: DNS over SCTP, Francis Dupont Re: DNS over SCTP, Douglas Otis Re: DNS over SCTP, Francis Dupont Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Francis Dupont Re: [Asrg] DNS over SCTP (was: Re: DNS-based Email Sender Authentication Mechanisms: a Critical Review, SM <= Re: DNS over SCTP (was: Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review, Francis Dupont Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Florian Weimer Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Douglas Otis Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Florian Weimer Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, John Leslie Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Amir Herzberg Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Douglas Otis Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Amir Herzberg Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Douglas Otis Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Jose-Marcio Martins da Cruz

Previous by Date:	Re: DNS over SCTP, David Conrad
Next by Date:	Re: DNS over SCTP, Douglas Otis
Previous by Thread:	Re: DNSSEC is NOT secure end to end, Francis Dupont
Next by Thread:	Re: DNS over SCTP (was: Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review, Francis Dupont
Indexes:	[Date] [Thread] [Top] [All Lists]