On Sun, Jun 10, 2012 at 04:24:51AM -0700, Kyle Creyts <kyle.cre...@gmail.com> wrote a message of 65 lines which said:
> are there legitimate reasons to continue supporting ANY queries? They are very useful for debugging. I would regret their disappearance. What about forcing TCP for ANY requests only? It would limit ANY requests to people who don't spoof their source IP address. I do not know how to force TC for replies to ANY queries. Patches for BIND and nsd are welcome. In the mean time, limiting the outbound size to something that will probably affect only ANY queries is a possible workaround: BIND: max-udp-size 1460 nsd: ipv4-edns-size: 1460 ipv6-edns-size: 1460 _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs