[dns-operations] Why would an MTA issue an ANY query instead of an MX query?

Tony Finch dot at dotat.at
Mon Jun 11 11:34:38 UTC 2012

Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> What about forcing TCP for ANY requests only?

I think it's wrong to focus on ANY queries: restricting them just
encourages the attackers to move on to another query type. For a domain
with DNSSEC you get almost as much data in return to an MX query - 2KB vs
1.5KB for cam.ac.uk.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Shannon: Variable 3 at first in southeast, otherwise northerly 4 or 5,
occasionally 6 later. Moderate. Showers. Good.

More information about the dns-operations mailing list