"trivial" changes to DNS (was: OpenNTPProject.org)

[asullivan at dyn.com (Andrew Sullivan)]

On Thu, Jan 16, 2014 at 12:55:18PM -0500, Jared Mauch wrote:
> 	I can point anyone interested to the place in the
> bind source to force it to reply to all UDP queries with TC=1
> to force TCP.  should be safe on any authority servers, as a recursive
> server should be able to do outbound TCP.

You could also (and for most cases, I recommend you do) enable the
Response Rate Limiting patches available on most of the open-source
authoritative servers.  Sorry I didn't think to mention it earlier.  I
thought everyone already knew that.  But it does appear to help.

A

-- 
Andrew Sullivan
Dyn, Inc.
asullivan at dyn.com
v: +1 603 663 0448