Best practice on TCP replies for ANY queries

• Previous message (by thread): Best practice on TCP replies for ANY queries
• Next message (by thread): Best practice on TCP replies for ANY queries
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/11/2013 1:06 PM, Anurag Bhatia wrote:
>
> I am sure I am not first person experiencing this issue. Curious to hear
> how you are managing it. Also under what circumstances I can get a
> legitimate TCP query on port 53 whose reply exceeds a basic limit of less
> then 1000 bytes?
>
>
>

I'm not a DNS guru so I don't have an exact answer.  However my gut
feeling is that putting in a place a rule to drop or rate limit DNS
replies greater than X bytes is probably going to come back to bite you
in the future.

No one can predict the future of what will constitute legitimate DNS
traffic.

• Previous message (by thread): Best practice on TCP replies for ANY queries
• Next message (by thread): Best practice on TCP replies for ANY queries
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]