tcp timeout
just look at the difference between cloudflare public dns and a named setup
this can be easily exploited by bad clients and even without real attacks i regularly see syncookies enabled by the OS on all our public nameservers
[harry@srv-rhsoft:~]$ time telnet 1.1.1.1 53
Trying 1.1.1.1...
Connected to 1.1.1.1.
Escape character is '^]'.
Connection closed by foreign host.
real 0m1,022s
user 0m0,000s
sys 0m0,002s
[harry@srv-rhsoft:~]$ time telnet ns1.thelounge.net 53
Trying 85.124.176.242...
Connected to ns1.thelounge.net.
Escape character is '^]'.
Connection closed by foreign host.
real 0m30,023s
user 0m0,000s
sys 0m0,002s
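
An added example, not part of the original post: a Python equivalent of the `time telnet` check above, for auditing how long one of your own nameservers holds an idle TCP connection on port 53. The function names and the local test listener are constructed for illustration.

```python
import socket
import threading
import time


def idle_close_seconds(host, port, max_wait=60.0):
    """Connect, send nothing, and return the seconds until the peer closes.

    Returns None if the peer still holds the connection after max_wait.
    """
    with socket.create_connection((host, port), timeout=5.0) as sock:
        start = time.monotonic()
        deadline = start + max_wait
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return None
            sock.settimeout(remaining)
            try:
                data = sock.recv(512)
            except socket.timeout:
                return None
            except ConnectionResetError:
                return time.monotonic() - start  # peer sent RST
            if not data:  # orderly close (FIN) from the peer
                return time.monotonic() - start


def start_test_listener(idle_timeout):
    """Constructed local stand-in for a nameserver: closes idle clients
    after idle_timeout seconds. Returns the port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def serve():
        while True:
            conn, _ = srv.accept()
            timer = threading.Timer(idle_timeout, conn.close)
            timer.daemon = True
            timer.start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_test_listener(1.0)
    print("idle close after %.2fs" % idle_close_seconds("127.0.0.1", port, 5.0))
```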