[dns-operations] DNS Attack over UDP fragmentation
jim at rfc1035.com
Wed Sep 4 14:11:17 UTC 2013
On 4 Sep 2013, at 15:04, Ondřej Surý <ondrej.sury at nic.cz> wrote:
>> A possible solution is simply to deploy IPv6 faster :-)
> Yeah :), but what should we do in the eternity meanwhile?
Don't fragment at all, set TC=1 on responses which would cause UDP or lower layer fragmentation and assume only genuine queries will do a TCP retry, avoiding rate limiters?
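
The behaviour suggested in this message, as an added example that is not part of the original post or any name server's code: a response too large to send unfragmented is replaced by its header and question with TC=1, so the client has to retry over TCP. The 1232-byte limit, the function names and the sample response are assumptions constructed for illustration.

```python
import struct

TC_BIT = 0x0200      # TC (truncated) flag in the DNS header flags word
NOFRAG_LIMIT = 1232  # assumed safe payload: 1280-byte MTU - 40 (IPv6) - 8 (UDP)

def question_end(msg: bytes, qdcount: int) -> int:
    """Offset just past the question section (which starts at byte 12)."""
    off = 12
    for _ in range(qdcount):
        while True:
            if off >= len(msg):
                raise ValueError("question name runs past end of message")
            length = msg[off]
            if length & 0xC0 == 0xC0:  # compression pointer ends the name
                off += 2
                break
            off += 1
            if length == 0:            # root label ends the name
                break
            off += length
        off += 4                       # QTYPE + QCLASS
    if off > len(msg):
        raise ValueError("question section runs past end of message")
    return off

def fit_udp_response(response: bytes, client_bufsize: int = 512,
                     nofrag_limit: int = NOFRAG_LIMIT) -> bytes:
    """Return the response if it fits, else header + question with TC=1."""
    if len(response) < 12:
        raise ValueError("shorter than a DNS header")
    limit = min(max(client_bufsize, 512), nofrag_limit)
    if len(response) <= limit:
        return response
    ident, flags, qdcount = struct.unpack("!HHH", response[:6])
    end = question_end(response, qdcount)
    # Simplification: every record is dropped, including any EDNS OPT record.
    header = struct.pack("!HHHHHH", ident, flags | TC_BIT, qdcount, 0, 0, 0)
    return header + response[12:end]

def build_sample(answers: int) -> bytes:
    """Constructed response: example.com TXT, 212 bytes per answer record."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, answers, 0, 0)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 16, 1)
    rdata = b"\xc7" + b"x" * 199       # one 199-byte character-string
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata
    return header + question + rr * answers
```
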