I'm with Ed here. A valid response is silence. The resolver/client has no
way to determine if the lack of a reply is because the server has chosen
silence, or if there was something in-path which dropped the packet. In
this case, client misbehaviour is panicking and sending many queries to try
and gain the information it thinks it needs. Windows XP had this
behaviour. Servers can and do "blackhole" queries the operator deems
irrelevant/excessive with hold-down and suppression capabilities. The fix,
if there is one needed, needs to sit at the resolver/client side.

/Wm

On Thu, Aug 25, 2016 at 12:25 AM, Stephane Bortzmeyer <bortzme...@nic.fr>
wrote:

> On Thu, Aug 25, 2016 at 04:35:52AM +0000,
>  Viktor Dukhovni <ietf-d...@dukhovni.org> wrote
>  a message of 89 lines which said:
>
> > When a nameserver consistently fails to respond:
>
> Add "it may make it easier for a third-party to inject bogus
> responses". See
> <http://www.ssi.gouv.fr/uploads/IMG/pdf/DNS-OARC-2013-Blocking_DNS_Messages_Is_Dangerous.pdf>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>