On Thu, Jan 7, 2016 at 3:25 PM Reindl Harald <h.rei...@thelounge.net> wrote:
> > > Am 07.01.2016 um 21:18 schrieb G.W. Haywood: > > Hi there, > > > > On Thu, 7 Jan 2016, Reindl Harald wrote: > > > >> ... when somebody wants a information which exists in > >> the DNS he can ask for that information - unconditionally > > you don't get it > > if i want to ask for your SOA or NS-records then i ask for them > > there is *NO POINT* you can prohibit that unless you need a working > nameserver and the only thing you *could* achieve is that i need more > queries than normally needed raising the load on your own namesever > > what would happen if you can achieve it: > > * in the best case no difference > * in the worst case broken clients and degraded service > > prohibit things just for the sake of prohibit them is clueless, > dangerous and unless you have a *real good* reason for your goal you > should ask yourself if you *really* have the knowledge to maintain > public nameservers - sorry - impossible to say that more polite > > > laptop3:~$ >>> dig -t any lloyds.co.uk > > tells me that there is another clueless idiot degrading services as it > often happens - the larger the comapny the more foolish admins > > WHAT do the gain with it? > NOTHING > > Reindl, did you read the draft referred to in the HINFO? ( https://datatracker.ietf.org/doc/draft-ietf-dnsop-refuse-any/ ). It clearly outlines the reasons that cloudfare is doing this. This document was discussed in the DNSOP WG, and was presented at a few meetings. The consensus within the DNSOP WG was to adopt and work on the draft, so I object to your characterization of this as "another clueless idiot degrading services" at a large company. Olafur and Joe (the authors of this) are far from clueless idiots. In addition, please try to moderate your tone - people come to the BIND Users list for assistance - your argumentative (and often insulting) posts are not helpful to building a community. W > > ; <<>> DiG 9.9.5-9+deb8u4-Debian <<>> -t any lloyds.co.uk > > ;; global options: +cmd > > ;; Got answer: > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21502 > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 1 > > > > ;; OPT PSEUDOSECTION: > > ; EDNS: version: 0, flags:; udp: 4096 > > ;; QUESTION SECTION: > > ;lloyds.co.uk. IN ANY > > > > ;; ANSWER SECTION: > > lloyds.co.uk. 3789 IN HINFO "Please stop asking for > > ANY" "See draft-jabley-dnsop-refuse-any" > > lloyds.co.uk. 137094 IN NS dina.ns.cloudflare.com. > > lloyds.co.uk. 137094 IN NS matt.ns.cloudflare.com. > > > > ;; AUTHORITY SECTION: > > lloyds.co.uk. 137094 IN NS matt.ns.cloudflare.com. > > lloyds.co.uk. 137094 IN NS dina.ns.cloudflare.com. > > > > ;; Query time: 54 msec > > ;; SERVER: 192.168.44.72#53(192.168.44.72) > > ;; WHEN: Thu Jan 07 20:17:18 GMT 2016 > > ;; MSG SIZE rcvd: 197 > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
