[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record

[Paul Vixie]

bert.hubert at netherlabs.nl (bert hubert) writes:

> The PowerDNS Recursor uses ANY queries to authoritative servers to gather A
> and AAAA addresses in a single query. This is off by default and only used
> of querying over IPv6 is enabled.

so if we eventually populate a lot of the rest of the RR type space and we
start to see >64KB responses to ANY due to the richness of the content, you
would take this feature out?  what about >4KB?
-- 
Paul Vixie
KI6YSY