[dns-operations] DNS Attack over UDP fragmentation

Jim Reid jim at rfc1035.com
Wed Sep 4 14:11:17 UTC 2013


On 4 Sep 2013, at 15:04, Ondřej Surý <ondrej.sury at nic.cz> wrote:

>> A possible solution is simply to deploy IPv6 faster :-)

> Yeah :), but what should we do in the eternity meanwhile?

Don't fragment at all, set TC=1 on responses which would cause UDP or lower layer fragmentation and assume only genuine queries will do a TCP retry, avoiding rate limiters?
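
A sketch of the approach suggested in this message, as an added example that is not part of the original post or of any name server's code: a response that would exceed a chosen UDP payload limit is replaced by its header and question section with TC=1, so the client retries over TCP. The function names, the 1232-byte default limit and the sample response are assumptions made for illustration, and the sketch drops any EDNS OPT record for brevity.

```python
import struct

TC_BIT = 0x0200  # truncation flag in the DNS header flags word (RFC 1035)

def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past the domain name that starts at off."""
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # a compression pointer ends the name
            return off + 2
        if length & 0xC0:
            raise ValueError("unsupported label type")
        off += 1 + length

def truncate_if_oversized(response: bytes, max_udp_payload: int = 1232) -> bytes:
    """Return response unchanged if it fits, else header + question with TC=1.

    max_udp_payload is an assumed limit chosen to stay below the path MTU.
    """
    if len(response) <= max_udp_payload:
        return response
    if len(response) < 12:
        raise ValueError("short DNS header")
    ident, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", response[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(response, off) + 4   # QTYPE + QCLASS follow each QNAME
    if off > len(response):
        raise ValueError("question section runs past end of message")
    # Keep ID, flags and question; empty the other sections and set TC.
    header = struct.pack("!6H", ident, flags | TC_BIT, qdcount, 0, 0, 0)
    return header + response[12:off]

def build_sample_response(answer_count: int) -> bytes:
    """Constructed sample: example.com TXT response with N 200-byte RDATA records."""
    question = b"\x07example\x03com\x00" + struct.pack("!2H", 16, 1)
    rdata = b"\xc7" + b"x" * 199             # one 199-byte character-string
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 16, 1, 300, len(rdata)) + rdata
    header = struct.pack("!6H", 0x1234, 0x8180, 1, answer_count, 0, 0)
    return header + question + rr * answer_count
```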



