On Sat, Sep 13, 2014 at 09:37:52AM +0000, Franck Martin <fmar...@linkedin.com> wrote a message of 61 lines which said:
> -limit size to <1500? on both IPv4 and IPv6? It may be interesting against amplification attacks (although it seems everyone moved to NTP amplification attacks, abandoning the DNS). For fragmentation, I would not care, as explained here. On an authoritative name server, you know the response sizes (use DSC to see it). DNSKEY responses are typically the largest. Check it before decreasing the limit. _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs