[Bloat] Educate colleges on tcp vs udp

Erik Auerswald auerswal at unix-ag.uni-kl.de
Wed May 26 23:11:41 EDT 2021


Hi Mark,

On 27.05.21 00:44, Mark Andrews wrote:
>> On 24 May 2021, at 04:47, Erik Auerswald <auerswal at unix-ag.uni-kl.de> wrote:
>> Especially if the response needs to be larger than the request,
>> e.g., with DNS, a response rate limit should be applied.
> 
> DNS supports authentication of clients, be it DNS COOKIE, TSIG or
> SIG(0).  If your DNS clients are not using one of these you should
> contact the vendor and request a update.

Most modern DNS server software, including ISC's BIND, implements
response rate limiting.

Thanks,
Erik


More information about the Bloat mailing list