On 21/11/2019 14:40, Veronique Lefebure wrote: > Hi, > > I have a question regarding the vulnerability described in the mail below. > > If a client is using TCP-pipelining, and if querylog channel is enabled, what > will appear in the query log file for that client ? > Shall we see one line per DNS query, i.e. N lines if the client has sent N > queries in the pipeline, or shall we see only one line ? > Also, is there a way to know is a client is using pipelining (a part from > analysing the traffic) ? > > Thanks, > Veronique
Hi Veronique, This is an interesting question. The querylog channel is logging query responses, one per client query. So you're not going to be able to determine from query logging whether a client is using TCP-pipelining or not. Realistically, you're going to have to analyze the traffic in some way or another. The difference with a pipelining client as opposed to another TCP client that just holds open a TCP socket while it sends several queries, is that the pipelining client won't wait for a query response to the last query it sent before sending the next one. It will have code in place locally to keep track of pending queries and to handle out of order query responses. Just seeing multiple queries from the same client TCP connection doesn't mean that it is pipelining them. Someone else on the list might have some other ideas, but that's all that I can think of at the moment - sorry. Cathy _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
