[dns-operations] Why would an MTA issue an ANY query instead of an MX query?
Tony Finch
dot at dotat.at
Mon Jun 11 11:34:38 UTC 2012
Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>
> What about forcing TCP for ANY requests only?
I think it's wrong to focus on ANY queries: restricting them just
encourages the attackers to move on to another query type. For a domain
with DNSSEC you get almost as much data in return to an MX query - 2KB vs
1.5KB for cam.ac.uk.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Shannon: Variable 3 at first in southeast, otherwise northerly 4 or 5,
occasionally 6 later. Moderate. Showers. Good.
More information about the dns-operations
mailing list