Stephane Bortzmeyer <bortzme...@nic.fr> wrote:
>
> What about forcing TCP for ANY requests only?

I think it's wrong to focus on ANY queries: restricting them just
encourages the attackers to move on to another query type. For a domain
with DNSSEC you get almost as much data in return to an MX query - 2KB vs
1.5KB for cam.ac.uk.

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
Shannon: Variable 3 at first in southeast, otherwise northerly 4 or 5,
occasionally 6 later. Moderate. Showers. Good.
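
The comparison in the message above, worked through as payload-level amplification ratios. This is an added example, not part of the original post; the function names are hypothetical, and it assumes an EDNS0 query with the DO bit set and a 4096-byte UDP buffer, with "2KB" and "1.5KB" read as 2000 and 1500 bytes.

```python
import struct

QTYPE = {"MX": 15, "ANY": 255}

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype, udp_payload=4096, dnssec_ok=True, txid=0x1234):
    """Build the wire form of a query; nothing is sent anywhere."""
    # Header: id, flags (RD set), 1 question, 0 answer, 0 authority, 1 additional
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)  # class IN
    # EDNS0 OPT RR: root name, type 41, class = UDP size, TTL carries flags
    ttl = 0x8000 if dnssec_ok else 0  # DO bit (assumed set, so RRSIGs come back)
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_payload, ttl, 0)
    return header + question + opt

def amplification(name, qtype, response_bytes):
    """Response payload bytes per query payload byte (IP/UDP headers ignored)."""
    return response_bytes / len(build_query(name, qtype))

def compare(name, sizes):
    """Return {qtype: (query_bytes, response_bytes, ratio)} for each qtype."""
    return {
        qt: (len(build_query(name, qt)), size, round(amplification(name, qt, size), 1))
        for qt, size in sizes.items()
    }

# Response sizes are the figures quoted in the message, read as round numbers.
PAGE_SIZES = {"ANY": 2000, "MX": 1500}

if __name__ == "__main__":
    for qt, (q, r, ratio) in compare("cam.ac.uk", PAGE_SIZES).items():
        print(f"{qt:>3}: query {q} B, response {r} B, ratio {ratio}x")
```

The query is the same size whatever the type, so the ratio tracks response size alone: filtering ANY only moves the figure from about 53x to about 39x for this zone.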