Stephane Bortzmeyer <[email protected]> wrote: > > What about forcing TCP for ANY requests only?
I think it's wrong to focus on ANY queries: restricting them just encourages the attackers to move on to another query type. For a domain with DNSSEC you get almost as much data in return to an MX query - 2KB vs 1.5KB for cam.ac.uk. Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ Shannon: Variable 3 at first in southeast, otherwise northerly 4 or 5, occasionally 6 later. Moderate. Showers. Good. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
