[dns-operations] DNS ANY requests / UltraDNS

bert hubert bert.hubert at netherlabs.nl
Thu Jan 10 13:10:06 UTC 2013

On Thu, Jan 10, 2013 at 08:11:24AM +0100, Florian Weimer wrote:
> Some breakage is unavoidable.  Considering that ANY queries rarely
> give the results expected by the sender, refusing them outright makes
> sense to me.

For queries to authoritative servers, the result of an ANY query is very well
defined and useful.

DNS has an amplification problem, and this has long been known. ANY queries
serve a purpose (we use them to get A and AAAA addresses for nameservers in
one go).

Stopping ANY queries will only make people move to DNSKEY queries which are
almost as nice.

PowerDNS will already be moving away from the ANY queries (which we only
performed when using IPv6 for outgoing queries) because of the silly
protocol butchering going on.

Instead of shooting ANY, think of something else - this won't solve the
problem. I'm quite appalled at the shortsightedness that is currently going
on regarding ANY.

Face the music: with the advent of DNSSEC, we have a giant reflection
problem regardless of query type.

ANY is not the problem.


