[dns-operations] DNS Attack over UDP fragmentation

Jim Reid jim at rfc1035.com
Wed Sep 4 14:11:17 UTC 2013

On 4 Sep 2013, at 15:04, Ondřej Surý <ondrej.sury at nic.cz> wrote:

>> A possible solution is simply to deploy IPv6 faster :-)

> Yeah :), but what should we do in the eternity meanwhile?

Don't fragment at all, set TC=1 on responses which would cause UDP or lower layer fragmantation and assume only genuine queries will do a TCP retry, avoiding rate limiters?

More information about the dns-operations mailing list