Another reason it's nonsensical: when a DNS response is too large to fit in the ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		philsnow on Dec 30, 2022 \| parent \| context \| favorite \| on: Encrypted DNS and NTP = Deadlock Another reason it's nonsensical: when a DNS response is too large to fit in the payload of a UDP datagram, the server sets the TC bit in the response header (alongside whatever truncated results it feels like including), notifying the client of the truncation. The client optionally (but SHOULD) falls back to retrying the query over TCP. https://serverfault.com/a/698254

zinekeller on Dec 30, 2022 [–]

Slowly looks at musl's direction.

(musl doesn't even try DNS/TCP after receiving a TC packet)

tptacek on Dec 30, 2022 | [–]

Yes, this is a pretty grave flaw.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact