On 9 Nov 2014, at 6:46, Yardiel D. Fuentes wrote:

http://bcop.nanog.org/index.php/BCOP_Drafts

There are some good general recommendations in this document (Word format? Really?), but this is incorrect and harmful, and should be removed:

iii. Consider dropping any DNS reply packets which are larger than 512 Bytes – these are commonly found in DNS DoS Amplification attacks.

This *breaks the Internet*.  Don't do it.

-----------------------------------
Roland Dobbins <[email protected]>
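
Added example, not part of the original message: a Python sketch of why a blanket 512-byte cutoff also drops legitimate replies. With EDNS0 (RFC 6891) a client advertises the UDP payload size it accepts in an OPT record, so replies above 512 bytes are normal protocol behaviour. The function names and the 1232-byte size used in the test are assumptions made for this illustration.

```python
import struct

CLASSIC_UDP_LIMIT = 512  # DNS-over-UDP limit without EDNS0 (RFC 1035)
TYPE_OPT = 41            # EDNS0 OPT pseudo-record type (RFC 6891)

def build_query(qname, qtype=1, edns_size=None, txid=0x1234):
    """Build a DNS query; with edns_size set, append an OPT record advertising it."""
    arcount = 1 if edns_size is not None else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)
    opt = b""
    if edns_size is not None:
        # root name, TYPE=OPT, CLASS carries the UDP payload size, TTL=0, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_size, 0, 0)
    return header + question + opt

def _skip_name(msg, pos):
    """Return the offset just past the (possibly compressed) name at pos."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:   # compression pointer is two bytes
            return pos + 2
        pos += 1 + length

def advertised_udp_size(query):
    """UDP payload size the client accepts: the OPT CLASS field, else 512."""
    qd, an, ns, ar = struct.unpack("!HHHH", query[4:12])
    pos = 12
    for _ in range(qd):
        pos = _skip_name(query, pos) + 4        # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        pos = _skip_name(query, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", query[pos:pos + 10])
        if rtype == TYPE_OPT:
            return max(rclass, CLASSIC_UDP_LIMIT)  # values below 512 count as 512
        pos += 10 + rdlen
    return CLASSIC_UDP_LIMIT

def blanket_rule_drops(reply_len):
    """The draft's rule: drop every DNS reply larger than 512 bytes."""
    return reply_len > CLASSIC_UDP_LIMIT

def reply_fits_client_request(query, reply_len):
    """True when the reply is within the size this query advertised."""
    return reply_len <= advertised_udp_size(query)
```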
