[dns-operations] happy september!
Jared Mauch
jared at puck.nether.net
Tue Sep 6 14:59:04 UTC 2016
> On Sep 6, 2016, at 10:30 AM, Roland Dobbins <rdobbins at arbor.net> wrote:
>
> One must do what one must do during an attack to maintain availability. I've cheerfully blocked ANY queries *and* responses, when needed, *during attacks*.
>
> That's quite a different thing than recommending it as an always-on setting.
This is why I’ve preferred to push ANY to TCP myself. It works and is defensible in any/all cases and doesn’t require the user to type +tcp or other esoteric options that are non-obvious.
Well behaved ecosystem will do the right thing, and broken people will remain broken until they fix themselves.
- Jared
More information about the dns-operations
mailing list