[dns-operations] DNS ANY requests / UltraDNS
Tony Finch
dot at dotat.at
Thu Jan 10 12:24:48 UTC 2013
Florian Weimer <fw at deneb.enyo.de> wrote:
>
> This will still break things because prior to the change, large
> authoritative ANY responses are truncated without setting TC=1.

That isn't true for BIND or ATLAS. NSD I'm not sure about since the
root servers that run NSD send minimal truncated responses to ANY
queries, and I don't know of other handy NSD servers to test.

; <<>> DiG 9.9.2-vjs340.03-P1 <<>> +noedns +norec +ignore any cam.ac.uk @131.111.8.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52413
;; flags: qr aa tc; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

; <<>> DiG 9.9.2-vjs340.03-P1 <<>> +noedns +norec +ignore any . @a.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5963
;; flags: qr aa tc; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 0

; <<>> DiG 9.9.2-vjs340.03-P1 <<>> +noedns +norec +ignore any . @k.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38224
;; flags: qr aa tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

> Some breakage is unavoidable. Considering that ANY queries rarely
> give the results expected by the sender, refusing them outright makes
> sense to me.

Authoritative servers should give the expected results to ANY queries.
Caches, not so much.

Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
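
Added example, not part of the original message: a small Python check that decodes the 12-byte DNS header and separates the three behaviours discussed in this thread (TC=1 with partial answers, TC=1 with a minimal empty answer, and records dropped without TC). The sample headers are constructed from the id, flags and counts in the dig output above, not captured packets; `classify_truncation`, `full_ancount` and the constructed no-TC sample are assumptions made for illustration.

```python
import struct

# Bit masks in the 16-bit DNS header flags word (RFC 1035, section 4.1.1).
QR, AA, TC = 0x8000, 0x0400, 0x0200

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header at the start of a message."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": ident, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "tc": bool(flags & TC), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def classify_truncation(msg: bytes, full_ancount=None) -> str:
    """Classify how a UDP response signals truncation.

    full_ancount (hypothetical input) is the ANSWER count the caller saw
    for the same query over TCP; without it a TC=0 response cannot be
    told apart from a complete one.
    """
    h = parse_header(msg)
    if not h["qr"]:
        raise ValueError("not a response (QR=0)")
    if h["tc"]:
        # TC=1 tells the client to retry over TCP.
        return "tc-minimal" if h["ancount"] == 0 else "tc-partial"
    if full_ancount is not None and h["ancount"] < full_ancount:
        return "silent-truncation"  # records dropped, TC not set
    return "complete"

def header(ident: int, flags: int, an: int) -> bytes:
    """Build a constructed response header: one question, `an` answers."""
    return struct.pack("!6H", ident, flags, 1, an, 0, 0)

# Constructed samples. The first three mirror the dig header lines above
# (flags: qr aa tc); the last is an invented TC=0 case for comparison.
SAMPLES = {
    "131.111.8.37": header(52413, QR | AA | TC, 3),
    "a.root-servers.net": header(5963, QR | AA | TC, 15),
    "k.root-servers.net": header(38224, QR | AA | TC, 0),
    "constructed-no-tc": header(1, QR | AA, 3),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, classify_truncation(msg, full_ancount=15))
```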