[dns-operations] if you're banning ANY queries, don't forget to ban SOA as well

Roland Dobbins rdobbins at arbor.net
Mon Sep 5 10:02:59 UTC 2016

On 5 Sep 2016, at 12:56, Shane Kerr wrote:

> Operators have pointed out many times that blocking ANY seems to help 
> them in practice.

In practice, I've blocked ANY requests when I've had to in a given 
tactical situation, and advised others to do so in similar situations 
when it was part of the least-worst option set to achieve partial 
service recovery.

That's different from blocking them all the time.

Roland Dobbins <rdobbins at arbor.net>

More information about the dns-operations mailing list