A. Schulze <sca at andreasschulze.de> wrote:
>
> but 4.4 suggests also truncation and force tcp, right?

No, it just says implementations can return a full ANY response over TCP if they want - it doesn't say anything about truncation.

> could a server send an answer without data (or with as little as possible) and
> set the TC bit?

That would be a bad idea. The point of this draft is to make abusive ANY queries go away with the smallest response possible, so you don't want to encourage traffic to move to heavyweight TCP.

There are reflection attacks that abuse recursive servers - sometimes many recursive servers simultaneously. These recursive servers will then bombard the authoritative servers for the name that is being abused in the attack.

In this situation, if the authoritative server returns a truncated response, it will have many recursive servers hammering on TCP instead of UDP, which can easily lead to overload.

If the authoritative server just returns a small subset response, the abused recursive servers will happily populate their cache with the small response and they won't hammer the authoritative servers, and the attackers will not get the amplification factor that they were expecting.

Tony.
-- 
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
German Bight, Humber, Thames, Dover, Wight, Portland: Variable mainly north 3 or 4, occasionally 5 at first. Mainly slight, but slight or moderate in north German Bight. Showers, perhaps thundery at first. Good, occasionally moderate at first.
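The two authoritative responses contrasted above, built in DNS wire format as an added example (not code from the thread or from any named implementation): a TC=1 stub that pushes the resolver to TCP versus a single synthesized HINFO record that the resolver simply caches. It assumes example.com as the queried name and the HINFO contents (CPU "RFC8482", empty OS) that the draft specifies in its published form as RFC 8482.

```python
import struct

FLAG_QR, FLAG_AA, FLAG_TC = 0x8000, 0x0400, 0x0200
QTYPE_ANY, QTYPE_HINFO, CLASS_IN = 255, 13, 1

def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def any_query(name, msg_id=0x1234):
    """Wire-format UDP query for <name> ANY IN, RD set, as a recursive server sends it."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_ANY, CLASS_IN)

def truncated_response(query):
    """Empty authoritative answer with TC=1: tells the resolver to retry over TCP."""
    msg_id = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", msg_id, FLAG_QR | FLAG_AA | FLAG_TC, 1, 0, 0, 0)
    return header + query[12:]  # echo the question section unchanged

def minimal_any_response(query, ttl=3600):
    """Authoritative answer carrying one small HINFO RR instead of every RRset at the name."""
    msg_id = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", msg_id, FLAG_QR | FLAG_AA, 1, 1, 0, 0)
    rdata = b"\x07RFC8482" + b"\x00"  # two <character-string>s: CPU="RFC8482", OS=""
    rr = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_HINFO, CLASS_IN, ttl, len(rdata)) + rdata
    return header + query[12:] + rr

def resolver_reaction(response):
    """What an abused recursive server does next, judged from the response header."""
    flags, ancount = struct.unpack("!HH", response[2:6])
    if flags & FLAG_TC:
        return "retry over TCP"      # one more TCP connection per resolver, per query
    if ancount:
        return "cache and answer"    # small answer cached for its TTL; no further load
    return "negative answer"

def amplification(query, response):
    """Bytes reflected per byte spoofed: UDP response size over query size."""
    return len(response) / len(query)
```

For example.com the minimal answer is 50 bytes against a 29-byte query (amplification below 2, and no TCP follow-up); the TC stub is no larger than the query itself, but every resolver that receives it comes back over TCP.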