[dns-operations] if you're banning ANY queries, don't forget to ban SOA as well

Jared Mauch jared at puck.nether.net
Tue Sep 6 14:12:41 UTC 2016


> On Sep 6, 2016, at 10:09 AM, Tony Finch <dot at dotat.at> wrote:
> 
> Jared Mauch <jared at puck.nether.net> wrote:
>> 
>> This is my problem, I’ve relied on ‘any’ for years to not need to know
>> the QTYPE and get back related information at a specific node.
> 
> With minimal-any you can use `dig +tcp`.

The problem is just like queries over TCP, ANY was interpreted slightly
differently by folks over the years, hence some of the abuse, types of
abuse and in part this thread.

Like I said, I have my brain mentally programmed to type

dig any nether.net to look for records there vs doing ‘dig {0,255} nether.net’
because the word any in English is appealing.

As usual, better tools and specifications would help.  Retraining my brain?
That’s on me.

- Jared


