26 Aug
2018
26 Aug
'18
6:35 p.m.
Hello Michael,
could you merge the series with the second version of this patch then?
Thanks, and best regards, Peter Müller
1M sounds good.
This should never become a problem for zones that use DNSSEC.
On Thu, 2018-08-23 at 21:22 +0200, Peter Müller wrote:
Well, some people consider 10k a good value for this: https://calomel.org/unbound_dns.html
Not sure if this is actually too low. During some attacks, 5M was satisfying here, but I did not dig into thresholds deeper. Simulated attacks did not show a unique behaviour, and their real value is questionable in my point of view.
What do you propose for the value? 1M or 100k?
Best regards, Peter Müller
[snip]
--
Microsoft DNS service terminates abnormally when it recieves a response
to a DNS query that was never made. Fix Information: Run your DNS
service on a different platform.
-- bugtraq