On Wed, Jul 10, 2019 at 04:21:11PM +1000, Mark Andrews wrote: > I’ve written up a method to defeat UDP fragmentation attacks using TSIG. > > https://tools.ietf.org/html/draft-andrews-dnsop-defeat-frag-attack-00 > > If we are going to discuss methods to defeat such attacks this should be > considered.
+1 As an alternative, I also point to the following draft from 2015: https://tools.ietf.org/html/draft-muks-dns-message-checksums-00 A BIND implementation of it is here: https://github.com/muks/bind9/tree/dns-message-checksums Mukund _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop