[dns-operations] DNS Attack over UDP fragmentation

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Sep 4 14:34:17 UTC 2013

On Wed, Sep 04, 2013 at 03:11:17PM +0100,
 Jim Reid <jim at rfc1035.com> wrote 
 a message of 11 lines which said:

> Don't fragment at all, set TC=1 on responses which would cause UDP
> or lower layer fragmantation 

Not obvious to implement, the application (the name server) typically
does not know the path MTU before sending an UDP packet to a
destination (it's the kernel's job).

More information about the dns-operations mailing list