Hi Tony,

On Fri Aug 04 13:43:52 2017, dot@dotat.at wrote:
> It's possible for minimal-any to accidentally return large responses, if
> it happens to choose the DNSKEY or CDNSKEY RRset. In those cases the
> RRset should be at the zone apex, so we can skip it and there will be
> another RRset to put in the response.

It's not guaranteed that a DNSKEY is at a zone apex; someone could configure a zone weirdly. Also, other types than DNSKEY can hold a lot of data, so this isn't a general solution to the problem.

It might be useful to add a dns_rdataset_size() function and prefer the smallest rdataset at a name. Or just have a threshold size, above which you check to see if there's another rdataset when putting together a minimal-any response. But I'm not comfortable with the "skip DNSKEY" method.

> Similarly, minimal-responses are turned on for DNSKEY and DS queries, so
> do the same for CDNSKEY and CDS.

I'm fine with this change and will commit it.
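
The size-based selection suggested in the reply above, sketched in C as an added example (not BIND code and not part of the original message). The `rrset` struct, both function names, the 12-byte per-record overhead and the 512-byte threshold are assumptions for illustration; the sample RRsets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical in-memory model for illustration; not BIND's dns_rdataset_t. */
struct rrset {
    uint16_t type;             /* RR type code (48 = DNSKEY, 6 = SOA, 2 = NS) */
    size_t count;              /* number of records in the set */
    const uint16_t *rdlengths; /* RDATA length of each record */
};

/* Assumed per-record overhead: compressed name 2 + type 2 + class 2 + TTL 4 + RDLENGTH 2. */
#define RR_OVERHEAD 12u

/* Wire size the RRset would add to the answer section. */
size_t rrset_wire_size(const struct rrset *s) {
    size_t total = 0;
    for (size_t i = 0; i < s->count; i++)
        total += RR_OVERHEAD + s->rdlengths[i];
    return total;
}

/* Return the first RRset that fits under `threshold`; if none fits, fall
 * back to the smallest RRset at the name. NULL if the name has no RRsets. */
const struct rrset *pick_minimal_any(const struct rrset *sets, size_t n, size_t threshold) {
    const struct rrset *smallest = NULL;
    size_t smallest_size = 0;
    for (size_t i = 0; i < n; i++) {
        size_t sz = rrset_wire_size(&sets[i]);
        if (sz <= threshold)
            return &sets[i];
        if (smallest == NULL || sz < smallest_size) {
            smallest = &sets[i];
            smallest_size = sz;
        }
    }
    return smallest;
}

/* Constructed sample: RRsets at one name, with the DNSKEY RRset first. */
static const uint16_t dnskey_len[] = { 264, 264, 136 };
static const uint16_t soa_len[] = { 44 };
static const uint16_t ns_len[] = { 6, 6 };
const struct rrset sample_sets[] = { { 48, 3, dnskey_len }, { 6, 1, soa_len }, { 2, 2, ns_len } };

int main(void) {
    const struct rrset *s = pick_minimal_any(sample_sets, 3, 512);
    printf("type %u, %zu bytes\n", (unsigned)s->type, rrset_wire_size(s));
    return 0;
}
```

Because the choice depends only on size, a name that holds nothing but a large RRset still gets an answer, and a large RRset of any other type is passed over the same way as DNSKEY.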