On Thu, Jan 16, 2014 at 12:55:18PM -0500, Jared Mauch wrote: > I can point anyone interested to the place in the > bind source to force it to reply to all UDP queries with TC=1 > to force TCP. should be safe on any authority servers, as a recursive > server should be able to do outbound TCP.
You could also (and for most cases, I recommend you do) enable the Response Rate Limiting patches available on most of the open-source authoritative servers. Sorry I didn't think to mention it earlier. I thought everyone already knew that. But it does appear to help. A -- Andrew Sullivan Dyn, Inc. asulli...@dyn.com v: +1 603 663 0448