25 Feb 2006, 9 a.m.
In message <Pine.GSO.4.62.0602241629470.21514@qentba.nf23028.arg>, Rob Thomas writes:
Limit UDP queries to 512 bytes. This greatly decreases the amplification effect, though it doesn't stop it.
Unfortunately, the intention of the DNS developers is just the opposite. Things like DNSSEC require larger packet sizes; in fact, there's a DNS extension (EDNS0) whose purpose, among others, is to permit this.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb