[dns-operations] happy september!

Jared Mauch jared at puck.nether.net
Tue Sep 6 14:59:04 UTC 2016


> On Sep 6, 2016, at 10:30 AM, Roland Dobbins <rdobbins at arbor.net> wrote:
> 
> One must do what one must do during an attack to maintain availability.  I've cheerfully blocked ANY queries *and* responses, when needed, *during attacks*.
> 
> That's quite a different thing than recommending it as an always-on setting.

This is why I’ve preferred to push ANY to TCP myself.  It works and is defensible in any/all cases and doesn’t require the user to type +tcp or other esoteric options that are non-obvious.

Well behaved ecosystem will do the right thing, and broken people will remain broken until they fix themselves.

- Jared



More information about the dns-operations mailing list