Maintained by: NLnet Labs

[Unbound-users] Maximum size of UDP responses?

Stephane Bortzmeyer
Fri Mar 29 13:59:36 CET 2013


On Fri, Mar 29, 2013 at 09:54:31PM +0900,
 Daisuke HIGASHI <daisuke.higashi at gmail.com> wrote 
 a message of 199 lines which said:

> "max-udp-size" is almost exactly the same as BIND9's.

Very good idea. I note that NSD has two parameters for that, one for
IPv4 responses and one for IPv6 (to deal with MTU issues). I wonder if
it's worth the complexity?

> ACL action "allow_minimal" is like "allow" but limits UDP response
> size to 512 bytes. Essentially it limits the amplification rate of
> DNS traffic reflection attacks more aggressively.

Very good idea.