On 11/8/14 6:33 PM, Roland Dobbins wrote: > this is incorrect and harmful, and should be removed: > > iii. Consider dropping any DNS reply packets which are larger > than 512 Bytes – these are commonly found in DNS DoS Amplification attacks. > > This *breaks the Internet*. Don't do it. +1