Best practice on TCP replies for ANY queries

ML ml at
Wed Dec 11 18:19:35 UTC 2013

On 12/11/2013 1:06 PM, Anurag Bhatia wrote:
> I am sure I am not first person experiencing this issue. Curious to hear
> how you are managing it. Also under what circumstances I can get a
> legitimate TCP query on port 53 whose reply exceeds a basic limit of less
> then 1000 bytes?

I'm not a DNS guru so I don't have an exact answer.  However my gut
feeling is that putting in a place a rule to drop or rate limit DNS
replies greater than X bytes is probably going to come back to bite you
in the future.

No one can predict the future of what will constitute legitimate DNS

More information about the NANOG mailing list