nanog mailing list archives

Re: "trivial" changes to DNS (was: OpenNTPProject.org)


From: Andrew Sullivan <asullivan () dyn com>
Date: Thu, 16 Jan 2014 14:33:22 -0500

On Thu, Jan 16, 2014 at 12:55:18PM -0500, Jared Mauch wrote:
> I can point anyone interested to the place in the
> bind source to force it to reply to all UDP queries with TC=1
> to force TCP.  should be safe on any authority servers, as a recursive
> server should be able to do outbound TCP.

You could also (and for most cases, I recommend you do) enable the
Response Rate Limiting patches available on most of the open-source
authoritative servers.  Sorry I didn't think to mention it earlier.  I
thought everyone already knew that.  But it does appear to help.

A

-- 
Andrew Sullivan
Dyn, Inc.
asullivan () dyn com
v: +1 603 663 0448
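
The two mitigations discussed in this message, sketched as an added example that is not part of the original thread and is not BIND's or any other server's code: an empty TC=1 reply that pushes a resolver to retry over TCP, and a simplified per-netblock response rate limiter that drops most over-limit replies and sends the rest truncated. The function and class names, the parameter names, the IPv4 /24 grouping and the sample query are assumptions made for illustration.

```python
import ipaddress
import struct

QR, TC = 0x8000, 0x0200  # DNS header flag bits (RFC 1035, section 4.1.1)

# Constructed sample: query for example.com A/IN, RD set, one EDNS OPT record.
SAMPLE_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)
                + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
                + b"\x00\x00\x29\x10\x00\x00\x00\x00\x00\x00\x00")

def truncated_reply(query: bytes) -> bytes:
    """Build an empty TC=1 reply: same ID and question, no records."""
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    end = 12
    while query[end]:                   # walk the uncompressed QNAME labels
        end += query[end] + 1
    end += 5                            # root label + QTYPE + QCLASS
    flags = (flags & 0x7900) | QR | TC  # keep opcode and RD, mark as truncated
    # The reply is no larger than the query, so it gives no amplification.
    return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0) + query[12:end]

class ResponseRateLimiter:
    """Simplified model of per-netblock response rate limiting (IPv4 only)."""

    def __init__(self, per_second=5, window=5, slip=2, prefix=24):
        self.rate, self.floor = per_second, -per_second * window
        self.slip, self.prefix = slip, prefix
        self.state = {}  # (netblock, qname) -> (credit, last_seen, over_count)

    def decide(self, client_ip: str, qname: str, now: float) -> str:
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix}", strict=False)
        key = (net, qname.lower())
        credit, last, over = self.state.get(key, (self.rate, now, 0))
        # Refill at `rate` credits per second, capped; each response costs one.
        credit = min(self.rate, credit + (now - last) * self.rate) - 1
        if credit >= 0:
            self.state[key] = (credit, now, 0)
            return "answer"
        over += 1
        self.state[key] = (max(credit, self.floor), now, over)
        # Every slip-th over-limit response goes out truncated, so a real
        # client inside a spoofed netblock can still retry over TCP.
        if self.slip and over % self.slip == 0:
            return "truncate"
        return "drop"
```
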

