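%% Citation record for revision -00 of the Internet-Draft
%% draft-fujiwara-dnsop-fragment-attack (dated 15 Feb 2019, 10 pages).
%% The url field pins this exact revision (/00/), and the note field marks
%% the document as Work in Progress.
%%
%% You should probably cite draft-fujiwara-dnsop-fragment-attack-01 instead of this revision.
%%
%% NOTE(review): the abstract names three resolver-side measures: limit the
%% requestor's UDP payload size to 1220/1232, drop fragmented UDP DNS
%% responses, and use TCP. These are this revision's proposal; confirm them
%% against the newest revision before using them as a configuration baseline.
%%
%% Only the acronyms IP and DNS are brace-protected in the title, so that
%% sentence-casing styles keep them upper-case while the style still controls
%% the rest. The author is given in the unambiguous "Last, First" form.
@techreport{fujiwara-dnsop-fragment-attack-00,
  author      = {Fujiwara, Kazunori},
  title       = {Measures against cache poisoning attacks using {IP} fragmentation in {DNS}},
  type        = {Internet-Draft},
  number      = {draft-fujiwara-dnsop-fragment-attack-00},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2019,
  month       = feb,
  day         = 15,
  pagetotal   = 10,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-fragment-attack/00/},
  abstract    = {Researchers proposed DNS cache poisoning attacks using IP fragmentation. This document shows feasible and adequate measures at full-service resolvers against these attacks. To protect resolvers from these attacks, avoid fragmentation (limit requestor's UDP payload size to 1220/1232), drop fragmented UDP DNS responses and use TCP at resolver side.},
}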