101010.pl

Max ResingJust wanted to share some thoughts on <a href="https://infosec.exchange/tags/RFC9715" class="mention hashtag" rel="nofollow noopener" target="_blank">#RFC9715</a> - an <a href="https://infosec.exchange/tags/RFC" class="mention hashtag" rel="nofollow noopener" target="_blank">#RFC</a> that defines standards on reducing the <a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DNS</a> issue of IP fragmentation over <a href="https://infosec.exchange/tags/UDP" class="mention hashtag" rel="nofollow noopener" target="_blank">#UDP</a>. It's not a long read, but a good one for everyone who understands the issues of large UDP responses on the <a href="https://infosec.exchange/tags/Internet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Internet</a>. A great leap forward to (hopefully) reduce the reflection/amplification <a href="https://infosec.exchange/tags/DDoS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DDoS</a> potential of DNS.Just today I learned that <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> will share their public DNS resolvers to limit to ~1400 bytes (smaller adjustments expected while figuring out the sweet spot in production). From now on, DNS responses which exceed this limit will have the truncated flag set instructing the client to resolve back to <a href="https://infosec.exchange/tags/TCP" class="mention hashtag" rel="nofollow noopener" target="_blank">#TCP</a>. <a href="https://infosec.exchange/tags/ipv4" class="mention hashtag" rel="nofollow noopener" target="_blank">#ipv4</a> <a href="https://infosec.exchange/tags/ipv6" class="mention hashtag" rel="nofollow noopener" target="_blank">#ipv6</a> <a href="https://infosec.exchange/tags/ietf" class="mention hashtag" rel="nofollow noopener" target="_blank">#ietf</a>

Recent searches

Search options

Administered by:

Server stats:

#rfc9715