[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record
vixie at isc.org
Fri Jun 24 16:19:06 UTC 2011
bert.hubert at netherlabs.nl (bert hubert) writes:
> The PowerDNS Recursor uses ANY queries to authoritative servers to gather A
> and AAAA addresses in a single query. This is off by default and only used
> of querying over IPv6 is enabled.
so if we eventually populate a lot of the rest of the RR type space and we
start to see >64KB responses to ANY due to the richness of the content, you
would take this feature out? what about >4KB?
More information about the dns-operations