DNS reply larger than 4096 bytes

I thought I would never be able to generate a DNS query with a reply size larger than 4096 bytes. I was wrong! Just look at this.

[warren@dnssec ~]# dig any doc.gov | grep SIZE
;; MSG SIZE rcvd: 9735

Of course, the reply has to fall back to TCP instead of UDP. Thanks to the US Department of Commerce for letting me play around with this.
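As an added example (not code from the original post), here is a small Python parser that shows the mechanism behind that fallback: it builds a constructed, truncated UDP reply for `doc.gov ANY` carrying an EDNS(0) OPT record that advertises a 4096-byte buffer, reads back the TC bit and the advertised size, and decides whether a 9735-byte answer can be delivered over UDP at all. The transaction ID and the exact message layout are constructed sample values.

```python
import struct
DNS_TYPE_ANY, DNS_TYPE_OPT, DNS_CLASS_IN = 255, 41, 1
DEFAULT_UDP_SIZE = 512          # RFC 1035 UDP limit when no EDNS(0) OPT record is present
TC_FLAG = 0x0200                # "truncated" bit in the DNS header flags

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_reply(qname, tc, udp_size=None, qtype=DNS_TYPE_ANY, txid=0x1234):
    """Constructed sample response: header + question, plus an EDNS(0) OPT RR when udp_size is given."""
    flags = 0x8180 | (TC_FLAG if tc else 0)        # QR=1, RD=1, RA=1, optional TC
    arcount = 1 if udp_size else 0
    msg = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, arcount)
    msg += encode_name(qname) + struct.pack("!HH", qtype, DNS_CLASS_IN)
    if udp_size:
        # OPT pseudo-RR: root name, TYPE 41, CLASS field carries the sender's UDP payload size
        msg += b"\x00" + struct.pack("!HHIH", DNS_TYPE_OPT, udp_size, 0, 0)
    return msg

def _skip_name(msg, off):
    # Advance past a name; a compression pointer (top two bits set) ends the name in two bytes
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def parse_reply(msg):
    """Extract the header fields and EDNS buffer size that decide UDP vs TCP handling."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4             # skip QNAME, then QTYPE and QCLASS
    udp_size = DEFAULT_UDP_SIZE
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == DNS_TYPE_OPT:
            udp_size = rclass                      # OPT CLASS = requestor's UDP payload size
        off += 10 + rdlen
    return {"id": txid, "tc": bool(flags & TC_FLAG), "rcode": flags & 0xF,
            "udp_size": udp_size, "length": len(msg)}

def needs_tcp_retry(msg):
    """A client must repeat the query over TCP when the UDP reply carries TC=1."""
    return parse_reply(msg)["tc"]

def fits_in_udp(full_reply_len, udp_size=DEFAULT_UDP_SIZE):
    """Whether a reply of this size can be sent over UDP within the advertised buffer."""
    return full_reply_len <= udp_size
```

With the post's numbers, `fits_in_udp(9735, 4096)` is false, so the server sets TC and the resolver refetches over TCP.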

Hackers, don't use this for amplification attacks. You will fail.
