Re: Allow-Query=any

Thu, 07 Jan 2016 12:26:05 -0800 


Am 07.01.2016 um 21:18 schrieb G.W. Haywood:

Hi there,

On Thu, 7 Jan 2016, Reindl Harald wrote:


... when somebody wants a information which exists in
the DNS he can ask for that information - unconditionally


you don't get it

if i want to ask for your SOA or NS-records then i ask for them


there is *NO POINT* you can prohibit that unless you need a working 
nameserver and the only thing you *could* achieve is that i need more 
queries than normally needed raising the load on your own namesever


what would happen if you can achieve it:

* in the best case no difference
* in the worst case broken clients and degraded service


prohibit things just for the sake of prohibit them is clueless, 
dangerous and unless you have a *real good* reason for your goal you 
should ask yourself if you *really* have the knowledge to maintain 
public nameservers - sorry - impossible to say that more polite



laptop3:~$ >>> dig -t any lloyds.co.uk



tells me that there is another clueless idiot degrading services as it 
often happens - the larger the comapny the more foolish admins


WHAT do the gain with it?
NOTHING


; <<>> DiG 9.9.5-9+deb8u4-Debian <<>> -t any lloyds.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21502
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lloyds.co.uk.                  IN      ANY

;; ANSWER SECTION:
lloyds.co.uk.           3789    IN      HINFO   "Please stop asking for
ANY" "See draft-jabley-dnsop-refuse-any"
lloyds.co.uk.           137094  IN      NS      dina.ns.cloudflare.com.
lloyds.co.uk.           137094  IN      NS      matt.ns.cloudflare.com.

;; AUTHORITY SECTION:
lloyds.co.uk.           137094  IN      NS      matt.ns.cloudflare.com.
lloyds.co.uk.           137094  IN      NS      dina.ns.cloudflare.com.

;; Query time: 54 msec
;; SERVER: 192.168.44.72#53(192.168.44.72)
;; WHEN: Thu Jan 07 20:17:18 GMT 2016
;; MSG SIZE  rcvd: 197





Attachment:
signature.asc

Description: OpenPGP digital signature


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users





















					Reply via email to