Hello everyone I noticed some issues on one of DNS server I am managing. It was getting queries for couple of attacking domains and server was replying in TCP with 3700 bytes releasing very heavy packets. Now I see presence of some (legitimate) DNS forwarders and hence I don't wish to limit queries. As I understand there are two ways here for fix: 1. I can put a DNS rate limit in reply to ANY packets like say 5 replies in every one min. (but again I have some forwarders with quite a few machines behind them). 2. Other way is limiting TCP port 53 outbound size ...limiting to say 600-700 bytes or so. I am sure I am not first person experiencing this issue. Curious to hear how you are managing it. Also under what circumstances I can get a legitimate TCP query on port 53 whose reply exceeds a basic limit of less then 1000 bytes? Thanks. -- Anurag Bhatia anuragbhatia.com Linkedin <http://in.linkedin.com/in/anuragbhatia21> | Twitter<https://twitter.com/anurag_bhatia> Skype: anuragbhatia.com