Dick Franks ________________________
On 1 October 2015 at 11:12, Shane Kerr <sh...@time-travellers.org> wrote: > > In the case where people just want to reduce the damage of ANY queries > in reflection attacks, I quite like the PowerDNS option of forcing ANY > queries to TCP via truncation. I'm not sure if this has been documented > in any RFC, but if not then perhaps it bears mentioning too? > That rests on two assumptions: 1) that damage limitation from reflection attacks is the primary concern here, which appears no longer to be the case. 2) that there is some plausible reason for doing ANY queries, in which case it would be interesting to know what that might be.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
