dnscache (djbdns) - Send a truncated response to ANY queries sent using UDP in order to mitigate DNS amplification. Similar to the Bind ANY+TCP patch by Jared Mauch.

force-tcp-for-any-queries.diff

--- dnscache.c.orig  2011-11-18 20:35:48.000000000 -0800
+++ dnscache.c	2013-05-15 15:57:23.000000000 -0700
@@ -77,7 +77,7 @@
 {
   if (!u[j].active) return;
   response_id(u[j].id);
-  if (response_len > 512) response_tc();
+  if (response_len > 512 || byte_equal(u[j].q.type,2,DNS_T_ANY)) response_tc();
   socket_send4(udp53,response,response_len,u[j].ip,u[j].port);
   log_querydone(&u[j].active,response_len);
   u[j].active = 0; --uactive;