[168269] in North American Network Operators' Group
Re: "trivial" changes to DNS (was: OpenNTPProject.org)
daemon@ATHENA.MIT.EDU (Andrew Sullivan)
Thu Jan 16 14:33:46 2014
Date: Thu, 16 Jan 2014 14:33:22 -0500
From: Andrew Sullivan <asullivan@dyn.com>
To: nanog@nanog.org
In-Reply-To: <20140116175518.GA27572@puck.nether.net>
On Thu, Jan 16, 2014 at 12:55:18PM -0500, Jared Mauch wrote:
> I can point anyone interested to the place in the
> BIND source to force it to reply to all UDP queries with TC=1
> to force TCP. Should be safe on any authority servers, as a recursive
> server should be able to do outbound TCP.
You could also (and for most cases, I recommend you do) enable the
Response Rate Limiting patches available on most of the open-source
authoritative servers. Sorry I didn't think to mention it earlier. I
thought everyone already knew that. But it does appear to help.
A
--
Andrew Sullivan
Dyn, Inc.
asullivan@dyn.com
v: +1 603 663 0448
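
The TC=1 reply described in the quoted text, as an added illustration that is not part of the original message and is not BIND's code: given a UDP query, it builds the minimal truncated response (header plus the echoed question, no records), so the reply is never larger than the query and a spoofed source gains no amplification. The function names and the sample query are constructed for this example.

```python
import struct

QR, TC, RD = 0x8000, 0x0200, 0x0100   # response, truncated, recursion desired
OPCODE_MASK = 0x7800

def question_end(msg: bytes, offset: int = 12) -> int:
    """Return the offset just past the first question (QNAME, QTYPE, QCLASS)."""
    while True:
        if offset >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[offset]
        if length == 0:               # root label ends the name
            offset += 1
            break
        if length & 0xC0:             # labels are at most 63 bytes
            raise ValueError("compression pointer or bad label in question")
        offset += 1 + length
    if offset + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    return offset + 4

def truncated_reply(query: bytes) -> bytes:
    """Build a TC=1 response carrying only the header and the question."""
    if len(query) < 12:
        raise ValueError("short header")
    qid, flags, qdcount, _, _, _ = struct.unpack("!6H", query[:12])
    if flags & QR or qdcount != 1:
        raise ValueError("not a single-question query")
    end = question_end(query)
    # Keep the ID, opcode and RD from the query; set QR and TC; RCODE stays 0.
    rflags = QR | TC | (flags & (OPCODE_MASK | RD))
    # Answer, authority and additional counts are zero: nothing to amplify.
    return struct.pack("!6H", qid, rflags, 1, 0, 0, 0) + query[12:end]

# Constructed sample: an ANY query for example.com with an EDNS0 OPT record
# advertising a 4096-byte UDP buffer, the shape used to solicit large replies.
SAMPLE_QUERY = (
    struct.pack("!6H", 0x1234, RD, 1, 0, 0, 1)
    + b"\x07example\x03com\x00" + struct.pack("!2H", 255, 1)
    + b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)
)

if __name__ == "__main__":
    reply = truncated_reply(SAMPLE_QUERY)
    print(f"query {len(SAMPLE_QUERY)} bytes -> reply {len(reply)} bytes")
```

A resolver that really sent the query sees TC=1 and retries over TCP; a spoofed victim receives a packet no larger than the one the attacker sent.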