[dns-operations] Why would an MTA issue an ANY query instead of an MX query?

sthaug at nethelp.no sthaug at nethelp.no
Sun Jun 10 18:26:08 UTC 2012

> "Not supporting"
> ANY queries would also have side effects - simply dropping the
> query maks the authoritative server appear unresponsive to the
> recursive server initiating the query.

Note that in many cases the server receiving the ANY query is a
recursive server, not an authoritative server.

For instance, the ISP I work for runs several recursive servers. Those
recursive servers are only available to the ISP's customers. Even so,
those recursive servers are contributing to DDoS attacks - because so
many of the *clients* are either CPEs with a DNS proxy open from the
WAN side, or customers' general open recursive servers which use the
ISP recursive servers as forwarders.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no

More information about the dns-operations mailing list