Defeating DNS/UDP Fragmentation Attacks
Internet Systems Consortium
It is possible to force a DNS server to fragment its response such that a fragmentation reassembly attack can insert records into the response. This document uses TSIG with a well known key to defeat such attacks.