> > limiting EDNS responses to 1460 bytes, as suggested [by me], will
> > block quite a few legitimate replies (not just ANY replies).
> 
> Why? The response will be sent, just with a TC bit, and the client, if
> it is not lying about its IP address, will retry with TCP. No
> blocking.

Agreed, this should work fine. Muddled thinking on my part.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
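
The behaviour agreed on above, as an added example that is not part of the original message or of any DNS server's code: a response over the 1460-byte limit is still sent over UDP, but cut down with the TC bit set, and the client repeats the query over TCP. The function names and the sample TXT response are constructed for illustration; as a simplification the EDNS OPT record is omitted and the truncated reply carries only header and question.

```python
import struct

UDP_CAP = 1460     # UDP response size limit discussed in the thread
TC_FLAG = 0x0200   # TC (truncated) bit in the DNS header flags word

def build_response(qname, txt_len):
    """Constructed sample: a TXT answer carrying txt_len filler bytes."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\0"
    question = name + struct.pack("!2H", 16, 1)               # QTYPE=TXT, QCLASS=IN
    data = b"x" * txt_len
    rdata = b"".join(bytes([len(data[i:i + 255])]) + data[i:i + 255]
                     for i in range(0, txt_len, 255))
    answer = b"\xc0\x0c" + struct.pack("!2HIH", 16, 1, 300, len(rdata)) + rdata
    return struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + question + answer

def question_end(msg):
    """Offset just past the first question (uncompressed QNAME, QTYPE, QCLASS)."""
    off = 12
    while msg[off]:
        off += 1 + msg[off]
    return off + 1 + 4

def cap_udp_response(full, cap=UDP_CAP):
    """Send as-is if it fits; otherwise header + question only, with TC set."""
    if len(full) <= cap:
        return full
    ident, flags, qd, _an, _ns, _ar = struct.unpack("!6H", full[:12])
    header = struct.pack("!6H", ident, flags | TC_FLAG, qd, 0, 0, 0)
    return header + full[12:question_end(full)]

def is_truncated(msg):
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_FLAG)

def resolve(query, send_udp, send_tcp):
    """Client side: try UDP first, repeat the query over TCP if TC is set."""
    reply = send_udp(query)
    if is_truncated(reply):
        return send_tcp(query), "tcp"
    return reply, "udp"

if __name__ == "__main__":
    big = build_response("example.com", 3000)                 # constructed oversized reply
    udp_reply = cap_udp_response(big)
    print(len(big), len(udp_reply), is_truncated(udp_reply))
    answer, transport = resolve(b"", lambda q: udp_reply, lambda q: big)
    print(transport, answer == big)
```

For the constructed sample the UDP reply shrinks to header plus question, which is all that an address that never sent the query would receive, while a real client still gets the full answer over TCP.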
