On Fri, Mar 29, 2013 at 09:54:31PM +0900, Daisuke HIGASHI <[email protected]> wrote a message of 199 lines which said:
> "max-udp-size" is almost exactly same as BIND9's. Very good idea. I note that NSD has two parameters for that, one for IPv4 responses and one for IPv6 (to deal with MTU issues). I wonder if it's worth the complexity? > ACL action "allow_minimal" is like "allow" but limits UDP response > size up to 512 bytes. Essentially it limits amplification rate of > DNS traffic reflection attack more aggressively. Very good idea. _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
