On 12/11/2013 1:06 PM, Anurag Bhatia wrote:
> I am sure I am not the first person experiencing this issue. Curious to hear
> how you are managing it. Also, under what circumstances can I get a
> legitimate TCP query on port 53 whose reply exceeds a basic limit of less
> than 1000 bytes?
I'm not a DNS guru, so I don't have an exact answer. However, my gut feeling is that putting in place a rule to drop or rate-limit DNS replies greater than X bytes is probably going to come back to bite you in the future. No one can predict the future of what will constitute legitimate DNS traffic.