[dns-operations] happy september!

Tony Finch dot at dotat.at
Tue Sep 6 15:52:22 UTC 2016

Jared Mauch <jared at puck.nether.net> wrote:
> This is why I’ve preferred to push ANY to TCP myself.  It works and is
> defensible in any/all cases and doesn’t require the user to type +tcp or
> other esoteric options that are non-obvious.

It isn't entirely wonderful.

An attacker that is reflecting off a recursive server can still use your
domain for a big amplification factor. If the attacker is using a lot of
recursive servers, you have to deal with a lot of TCP traffic.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Lundy, Fastnet, Irish Sea: South or southeast 4 or 5, occasionally 6 later
except in Irish Sea. Slight or moderate. Drizzle, fog patches. Moderate,
occasionally very poor.

More information about the dns-operations mailing list