[dns-operations] Why would an MTA issue an ANY query instead of an MX query?

Stephane Bortzmeyer bortzmeyer at nic.fr
Sun Jun 10 11:57:59 UTC 2012

On Sun, Jun 10, 2012 at 04:24:51AM -0700,
 Kyle Creyts <kyle.creyts at gmail.com> wrote 
 a message of 65 lines which said:

> are there legitimate reasons to continue supporting ANY queries?

They are very useful for debugging. I would regret their
disappearance. What about forcing TCP for ANY requests only? It would
limit ANY requests to people who don't spoof their source IP address.

I do not know how to force TC for replies to ANY queries. Patches for
BIND and nsd are welcome. In the mean time, limiting the outbound size
to something that will probably affect only ANY queries is a possible workaround:

max-udp-size 1460

ipv4-edns-size: 1460
ipv6-edns-size: 1460

More information about the dns-operations mailing list