DNS Seeds responses to DNS queries are usually limited to ~31 addresses based on the response package size (UDP). However, glibc may fallback to TCP if UDP is not available, for which the room for response is much higher (currently limited by us to 256).
This PR reduces that limit to something more similar to what UDP returns (32 addresses) to prevent a rogue seed to have a high influence in our addrman
I think this is a uncontroversial improvement which has even been agreed on in the issue linked by the PR (https://github.com/bitcoin/bitcoin/issues/16070). It’s surprising that this has not been addressed earlier.
net: Decrease nMaxIPs when learning from DNS seeds by laanwj · Pull Request #29850 · bitcoin/bitcoin