On Wed, Sep 04, 2013 at 03:08:55PM +0200, Ondřej Surý <ondrej.s...@nic.cz> wrote a message of 81 lines which said:
> So what are the views of other people on this list?

[Total noob just going back from holidays and therefore even less competent than usual.]

Isn't it a good idea to limit the maximum size of the response, like .com/.net (and maybe other TLDs: examples welcome) do? This will make the attack more difficult.

With IPv6, limiting to 1280 bytes completely prevents fragmentation. With IPv4, limiting to the minimum size of IPv4 datagrams is really too harsh and the attacker may trigger fragmentation by sending spoofed ICMP "packet too big".

A possible solution is simply to deploy IPv6 faster :-)