On 16/07/2015 17:10, John Dickinson wrote:
>
>
> On 14/07/2015 11:31, Shane Kerr wrote:
>>
>> Second, one possible issue for consideration is that it is already a
>> problem for resolver operators that a single query can cause a *lot* of
>> work for the resolver. This issue can be magnified with TCP pipelining:
>> a bad actor can connect to a resolver and queue a ton of queries in a
>> few packets (consider how many queries will fit in 1460 bytes).
>
> Do you feel this is worse than flooding a server with UDP? Should we
> have rate limiting?

I think the pipelining is a non-issue, or rather one that already exists. In practice most (if not all) existing DNS servers that support TCP already suffer this potential problem. When the client sends a whole series of queries down the connection without waiting for an answer, in general this "just works" because servers don't routinely flush the incoming TCP read buffer every time they respond to a packet.

Ray
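
The server-side behaviour discussed in this thread, as an added example that is not code from any poster or from any DNS server: it de-frames length-prefixed DNS messages (RFC 1035 TCP framing) from one connection's read buffer and releases at most a fixed number for processing at a time, leaving the rest buffered. The cap `MAX_INFLIGHT`, the class and function names, and the sample queries for `example.com` are assumptions constructed for illustration.

```python
import struct

MAX_SEGMENT = 1460   # TCP payload size quoted in the thread
MAX_INFLIGHT = 16    # assumed per-connection cap (hypothetical policy value)

def build_query(qname, qid):
    """Constructed sample input: minimal A/IN query with its 2-byte TCP length prefix."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    msg = header + labels + b"\x00" + struct.pack("!HH", 1, 1)
    return struct.pack("!H", len(msg)) + msg

def sample_segment(qname="example.com"):
    """Fill one segment's worth of payload with pipelined queries; return (bytes, count)."""
    seg, qid = b"", 0
    while len(seg) + len(build_query(qname, qid)) <= MAX_SEGMENT:
        seg += build_query(qname, qid)
        qid += 1
    return seg, qid

class PipelinedConnection:
    """De-frames queries from one connection's read buffer and caps in-flight work."""
    def __init__(self, max_inflight=MAX_INFLIGHT):
        self.buf = bytearray()
        self.inflight = 0
        self.max_inflight = max_inflight

    def feed(self, data):
        """Append received bytes; return the queries released for processing now."""
        self.buf += data
        return self._drain()

    def answered(self, n=1):
        """Call after n responses are sent; releases further buffered queries."""
        self.inflight = max(0, self.inflight - n)
        return self._drain()

    def _drain(self):
        released = []
        while self.inflight < self.max_inflight and len(self.buf) >= 2:
            (length,) = struct.unpack_from("!H", self.buf)
            if len(self.buf) < 2 + length:
                break  # partial message: wait for more bytes
            released.append(bytes(self.buf[2:2 + length]))
            del self.buf[:2 + length]
            self.inflight += 1
        return released

if __name__ == "__main__":
    seg, count = sample_segment()
    conn = PipelinedConnection()
    print(count, "queries in", len(seg), "bytes; released now:", len(conn.feed(seg)))
```

In a real server the unreleased bytes would stay in the kernel socket buffer (the server simply stops reading), so TCP flow control pushes back on the client; `buf` stands in for that here.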