[Unbound-users] Maximum size of UDP responses?
Stephane Bortzmeyer
bortzmeyer at nic.fr
Fri Mar 29 12:59:36 UTC 2013
On Fri, Mar 29, 2013 at 09:54:31PM +0900,
Daisuke HIGASHI <daisuke.higashi at gmail.com> wrote
a message of 199 lines which said:
> "max-udp-size" is almost exactly same as BIND9's.
Very good idea. I note that NSD has two parameters for that, one for
IPv4 responses and one for IPv6 (to deal with MTU issues). I wonder if
it's worth the complexity?
> ACL action "allow_minimal" is like "allow" but limits UDP response
> size up to 512 bytes. Essentially it limits amplification rate of
> DNS traffic reflection attack more aggressively.
Very good idea.
More information about the Unbound-users
mailing list