On 2018/05/17 12:12, Todd C. Miller wrote: > On Thu, 17 May 2018 19:06:27 +0200, Florian Obser wrote: > > > 1) From upcomming nsd 4.1.22: > > refuse-any sends truncation (+TC) in reply to ANY queries over UDP, > > and allows TCP queries like normal. > > So the idea is that a well-behaved client doing an ANY query will > retry with TCP? That does sound nicer. > > - todd >
Exactly; the TC response is smaller than the query so it prevents a UDP ANY query being an amplification source.