> "Not supporting" > ANY queries would also have side effects - simply dropping the > query maks the authoritative server appear unresponsive to the > recursive server initiating the query.
Note that in many cases the server receiving the ANY query is a recursive server, not an authoritative server. For instance, the ISP I work for runs several recursive servers. Those recursive servers are only available to the ISP's customers. Even so, those recursive servers are contributing to DDoS attacks - because so many of the *clients* are either CPEs with a DNS proxy open from the WAN side, or customers' general open recursive servers which use the ISP recursive servers as forwarders. Steinar Haug, Nethelp consulting, sth...@nethelp.no _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
