Journeying into XDP: Fully-fledged DNS service augmentation (2022)


Guest Post: Fully-fledged DNS service augmentation is possible at the XDP layer and TC layer.

The first feature that we’ll be examining is DNS Cookies, which is an in-DNS-protocol way of allowlisting returning requesters to exclude them from being rate limited.

Even though we ensure that we will not read beyond the packet (by making sure c->pos remains below c->end), the accumulated size-wise worst-case scenarios can quickly lead to a situation where the verifier concludes that the program could cross the maximum allowed packet size of 64k and will, therefore, refuse to load the XDP program!

Padding in Unbound is only done on TLS transport, because we don’t want this option to enlarge just any UDP response, which could then be misused in Denial of Service Amplification attacks.
