by Dylan16807
2709 days ago

> (EDNS does have a padding type)

"The use of the EDNS(0) padding only provides a benefit when DNS packets are not transported in cleartext. Further, it is possible that EDNS(0) padding may make DNS amplification attacks easier. Therefore, implementations MUST NOT use this option if the DNS transport is not encrypted."

Apparently it does have a padding proposal, but it wasn't thought through very well. They only had the use case of confidentiality in mind, and decided to deal with amplification by forbidding cleartext use, no matter what the response:request size ratio is.

It basically needs to be the final record, which conflicts with things like SIG0 that also want to be the final record.