[dns-operations] EDNS with IPv4 and IPv6 (DNSSEC or large answers)

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Sep 15 08:25:27 UTC 2014


On Sat, Sep 13, 2014 at 09:37:52AM +0000,
 Franck Martin <fmartin at linkedin.com> wrote 
 a message of 61 lines which said:

> -limit size to <1500? on both IPv4 and IPv6?

It may be interesting against amplification attacks (although it seems
everyone moved to NTP amplification attacks, abandoning the DNS). For
fragmentation, I would not care, as explained here.

On an authoritative name server, you know the response sizes (use DSC
to see it). DNSKEY responses are typically the largest. Check it
before decreasing the limit.




More information about the dns-operations mailing list