[ratelimits] bind force qtype=ANY to TCP

Jared Mauch jared at puck.nether.net
Thu May 16 00:17:15 UTC 2013


On May 15, 2013, at 8:03 PM, Vernon Schryver <vjs at rhyolite.com> wrote:

> I think the patch has a false negative rate of approximately 100%.
> To check whether I am wrong again, I set up a test server and tried
> two `dig +ignore isc.org any` commands.  The first got a TC=1 error
> response as expected.  The second command got 3500 bytes of RRs via
> UDP.  I expect (but haven't tested) that all subsequent queries get
> normal responses until all of the TTLs expire.

Heh, you're right.  I'll have to tweak where that code happens…

puck:~$ dig any nothing.cnn.com. @204.42.254.5
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.9.3-rl.131.14rc2 <<>> any nothing.cnn.com. @204.42.254.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33076
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nothing.cnn.com.		IN	ANY

;; AUTHORITY SECTION:
cnn.com.		3600	IN	SOA	ns1.timewarner.net. hostmaster.turner.com. 2013051301 28800 7200 604800 3600

;; Query time: 1 msec
;; SERVER: 204.42.254.5#53(204.42.254.5)
;; WHEN: Wed May 15 20:16:00 EDT 2013
;; MSG SIZE  rcvd: 116

puck:~$ dig any nothing.cnn.com. @204.42.254.5

; <<>> DiG 9.9.3-rl.131.14rc2 <<>> any nothing.cnn.com. @204.42.254.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34337
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nothing.cnn.com.		IN	ANY

;; AUTHORITY SECTION:
cnn.com.		3593	IN	SOA	ns1.timewarner.net. hostmaster.turner.com. 2013051301 28800 7200 604800 3600

;; Query time: 1 msec
;; SERVER: 204.42.254.5#53(204.42.254.5)
;; WHEN: Wed May 15 20:16:07 EDT 2013
;; MSG SIZE  rcvd: 116
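
A regression check for the behaviour discussed in this thread, as an added example that is not part of the original message or of the patch: it parses the header and question of each UDP response and reports any qtype=ANY reply that went out without TC=1. The sample messages are constructed (header and question only) and the function names are hypothetical.

```python
import struct

QTYPE_ANY = 255      # QTYPE value for "ANY" (RFC 1035)
TC_BIT = 0x0200      # truncation flag in the DNS header flags word


def parse_udp_response(msg: bytes):
    """Return (qtype, tc, ancount) for a DNS message carrying one question."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos = 12
    while True:                       # walk the uncompressed QNAME labels
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return qtype, bool(flags & TC_BIT), ancount


def any_leaks(udp_responses):
    """Indexes of UDP responses to qtype=ANY that were not forced to TCP."""
    leaks = []
    for i, msg in enumerate(udp_responses):
        qtype, tc, _ancount = parse_udp_response(msg)
        if qtype == QTYPE_ANY and not tc:
            leaks.append(i)
    return leaks


def _sample(flags, ancount, qtype=QTYPE_ANY):
    # Constructed message: header plus question for example.test, no RR bytes.
    qname = b"\x07example\x04test\x00"
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1)


# Constructed capture: first ANY reply has TC=1, the repeat is answered
# over UDP without it, and an ordinary A reply is out of scope.
SAMPLES = [_sample(0x8380, 0), _sample(0x8180, 5), _sample(0x8180, 1, qtype=1)]
```

An empty list from `any_leaks` means every ANY response in the capture was pushed to TCP; any index it returns is a response that escaped the forcing.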






