Hello Michael,

could you merge the series with the second version of this patch
then?

Thanks, and best regards,
Peter Müller 

> 1M sounds good.
> 
> This should never become a problem for zones that use DNSSEC.
> 
> On Thu, 2018-08-23 at 21:22 +0200, Peter Müller wrote:
>> Well, some people consider 10k a good value for this:
>> https://calomel.org/unbound_dns.html
> 
>> Not sure if this is actually too low. During some attacks, 5M
>> was satisfying here, but I did not dig into thresholds deeper.
>> Simulated attacks did not show a unique behaviour, and their
>> real value is questionable in my point of view.
> 
>> What do you propose for the value? 1M or 100k?
> 
>> Best regards,
>> Peter Müller
> [snip]
-- 
Microsoft DNS service terminates abnormally when it recieves a response
to a DNS query that was never made.  Fix Information: Run your DNS
service on a different platform.
		-- bugtraq