[dns-operations] Why would an MTA issue an ANY query instead of an MX query?

Peter Koch pk at DENIC.DE
Sun Jun 10 17:10:00 UTC 2012


On Sun, Jun 10, 2012 at 04:24:51AM -0700, Kyle Creyts wrote:
> So, list, I am young and foolish. Aside from being in the RFC, are there
> legitimate reasons to continue supporting ANY queries?

ANY queries are not bad per se, even though their use in production
queries is ill advised.  Big responses can be triggered by queries
for DNSKEY RRs or using the properties of NSEC3. "Not supporting"
ANY queries would also have side effects - simply dropping the
query maks the authoritative server appear unresponsive to the
recursive server initiating the query.  Of course we could
start work on a 'payload size symmetry' EDNS option, but that would
likely have a painful deployment curve, as well.
And ever more special casing for limited effect has its cost, too.

-Peter



More information about the dns-operations mailing list