[dns-operations] if you're banning ANY queries, don't forget to ban SOA as well
Mark Andrews
marka at isc.org
Wed Sep 7 02:20:56 UTC 2016
In message <F23E461E-138A-410C-9E7A-E5F649F2C340 at puck.nether.net>, Jared Mauch writes:
>
> > On Sep 6, 2016, at 10:09 AM, Tony Finch <dot at dotat.at> wrote:
> >
> > Jared Mauch <jared at puck.nether.net> wrote:
> >>
> >> This is my problem, I've relied on any for years to not need to know
> >> the QTYPE and get back related information at a specific node.
> >
> > With minimal-any you can use `dig +tcp`.
>
> The problem is just like queries over TCP, ANY was interpreted slightly
> differently by folks over the years, hence some of the abuse, types of
> abuse and in part this thread.
>
> Like I said, I have my brain mentally programmed to type
>
> dig any nether.net to look for records there vs doing dig {0,255} nether.net
> because the word any in English is appealing.

You will note that "ANY" isn't a type (or class) name. It is "*".

And when that fails because the response doesn't fit in 64K?

And types above 255 exist today.

*     255    A request for all records the server/cache has available [RFC1035][RFC6895]
URI   256    URI [RFC7553] URI/uri-completed-template 2011-02-22
CAA   257    Certification Authority Restriction [RFC6844] CAA/caa-completed-template 2011-04-07
AVC   258    Application Visibility and Control [Wolfgang_Riedel] AVC/avc-completed-template 2016-02-26
TA    32768  DNSSEC Trust Authorities [Sam_Weiler][http://cameo.library.cmu.edu/][ Deploying DNSSEC Without a Signed Root. Technical Report 1999-19, Information Networking Institute, Carnegie Mellon University, April 2004.] 2005-12-13
DLV   32769  DNSSEC Lookaside Validation [RFC4431]

> As usual, better tools and specifications would help. Retraining my
> brain?
> That's on me.
>
> - Jared
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org