PowerDNS Recursor sends data in case of TC=1. In order to mitigate amplification attacks it would be better to send an empty packet in this case.
actually truncate packet when setting TC, closes #1092
Is this RFC compliant? I can imagine cases where a client might want only the partial answer and can make a decision to request the rest of the answer over TCP or not...
Could this be made configurable rather than default behavior?
RFC 2181 says:
"Where TC is set, the partial RRSet that would not completely fit may be left in the response. When a DNS client receives a reply with TC set, it should ignore that response, and query again, using a mechanism, such as a TCP connection, that will permit larger replies."
So I guess, yes! Other implementations behave as well. You could file an enhancement issue if you want a configuration switch. But I think that's not necessary. We have had this fix in production for several months and no one has complained.
That's fair, I probably should have checked myself first =)
I don't currently use the data in UDP replies with TC set, so I suppose that if I have a use-case for it down the road I can submit a patch.
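The behaviour discussed in this thread, sketched as an added example (not PowerDNS code and not part of the original thread): a UDP reply with TC=1 that echoes only the question and carries no records, so it is never larger than the query, plus the client-side check from the RFC 2181 text quoted above. All function names are hypothetical, the sample query is constructed, and setting RA assumes the responder is a recursor.

```python
import struct

QR, TC, RD, RA = 0x8000, 0x0200, 0x0100, 0x0080  # DNS header flag bits

def build_query(qid, name, qtype=16):
    """Constructed sample query: header plus one question, class IN."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode()
                      for l in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def question_end(msg):
    """Offset just past the first question (assumes an uncompressed name)."""
    pos = 12
    while True:
        if pos >= len(msg):
            raise ValueError("question name runs past end of message")
        length = msg[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        pos += 1 + length
    pos += 1 + 4  # root label, then QTYPE and QCLASS
    if pos > len(msg):
        raise ValueError("question section cut short")
    return pos

def empty_truncated_reply(query):
    """Reply with TC=1, the question echoed, and zero resource records."""
    if len(query) < 12:
        raise ValueError("short header")
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & QR or qdcount != 1:
        raise ValueError("not a single-question query")
    out_flags = QR | TC | RA | (flags & RD)  # RA: assumption, recursor replying
    header = struct.pack("!HHHHHH", qid, out_flags, 1, 0, 0, 0)
    return header + query[12:question_end(query)]

def must_retry_over_tcp(reply):
    """Client side of RFC 2181: a reply with TC set is ignored and re-queried."""
    return bool(struct.unpack("!H", reply[2:4])[0] & TC)
```

Because the reply contains only the header and the echoed question, a spoofed-source query gains no amplification from it, and a compliant client discards it and retries over TCP.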