In message <[EMAIL PROTECTED]>, Rob Thomas writes:
>
>Limit UDP queries to 512 bytes.  This greatly decreases the
>amplification effect, though it doesn't stop it.
>
Unfortunately, the intention of the DNS developers is just the
opposite. Things like DNSSEC require larger packet sizes; in fact,
there's a DNS extension (EDNS0) whose purpose, among others, is to
permit this.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
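
The trade-off discussed in this exchange, as an added example that is not part of either message: a query carrying an EDNS0 OPT record advertises in its CLASS field how large a UDP response the sender will accept, and a server-side 512-byte cap bounds the worst-case response-to-query size ratio. The function names, the `server_cap` parameter and the sample queries are constructed for illustration.

```python
import struct

OPT = 41             # EDNS0 pseudo-RR type (RFC 6891)
CLASSIC_LIMIT = 512  # UDP message limit without EDNS0 (RFC 1035)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:       # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n
        if n == 0:                 # root label ends the name
            return off

def advertised_udp_size(query):
    """UDP payload size the sender claims to accept (512 if no usable OPT)."""
    try:
        _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", query, 0)
        off = 12
        for _ in range(qd):
            off = _skip_name(query, off) + 4       # QTYPE + QCLASS
        for i in range(an + ns + ar):
            off = _skip_name(query, off)
            rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", query, off)
            if i >= an + ns and rtype == OPT:      # OPT lives in the additional section
                return max(rclass, CLASSIC_LIMIT)  # values below 512 are treated as 512
            off += 10 + rdlen
    except (IndexError, struct.error):
        pass                                       # malformed or truncated: fall back
    return CLASSIC_LIMIT

def worst_case_amplification(query, server_cap=None):
    """Upper bound on response bytes per query byte (DNS payload only)."""
    limit = advertised_udp_size(query)
    if server_cap is not None:
        limit = min(limit, server_cap)
    return limit / max(len(query), 1)

def build_query(name, qtype, edns_size=None):
    """Constructed sample query, optionally with an EDNS0 OPT record."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    msg = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    msg += qname + struct.pack("!HH", qtype, 1)
    if edns_size:
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return msg
```

With the constructed 40-byte EDNS0 query advertising 4096 bytes, the bound is 102.4 without a cap and 12.8 with `server_cap=512`: reduced, but still greater than one.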
