> Simon Perreault <mailto:sperrea...@jive.com>
> Friday, March 06, 2015 7:07 AM
>
> ...
>
> The problem with ANY is that it appears to work just fine. If a
> significant chunk of DNS servers start breaking ANY then it might
> discourage naive developers from attempting to use it.
There's a much bigger problem with ANY, which is that its only valid use is for diagnostics. Like RD=0 sent to a recursive-only, non-authoritative name server, its intended purpose is helping other people learn things about your name server state that you get no direct benefit from exposing. Mozilla's use of ANY is abusive. When sendmail used to send ANY queries, we thought it could save round trips. We eventually learned that this was crazy-talk.

Mozilla's abuse inevitably brings Cloudflare's defense. Let's nip one meme in the bud, though: deprecating ANY will not change the reflecting/amplifying landscape other than to obsolete some of the existing low-end DDoS tools, which will quickly be changed to ask for TXT or NS (or even better, DNSKEY).

-- 
Paul Vixie
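The amplification argument in the message above, worked through in code. This is an added example, not code from Paul Vixie, the DNSOP list, or any named operator: it builds wire-format queries (RFC 1035 question plus an RFC 6891 EDNS0 OPT record) for the types the post names, models one way of "breaking ANY" (answering REFUSED), and computes the response/query byte ratio a reflection tool cares about. The zone name `example.com.` and every response size in `CONSTRUCTED_RESPONSE_SIZES` are constructed assumptions for a hypothetical DNSSEC-signed zone, not measurements.

```python
"""DNS query builder and reflection amplification-factor calculator.

Added example for the DNSOP thread on ANY; not code from the list or from
any DNS operator. Response sizes below are constructed, not measured.
"""
import struct

QTYPES = {"A": 1, "NS": 2, "TXT": 16, "DNSKEY": 48, "ANY": 255}
QTYPE_NAMES = {v: k for k, v in QTYPES.items()}

# Constructed byte counts for a hypothetical DNSSEC-signed zone (assumption).
# The point they illustrate: ANY is not the only large answer available.
CONSTRUCTED_RESPONSE_SIZES = {"A": 120, "NS": 640, "TXT": 1800, "DNSKEY": 2200, "ANY": 3300}


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def decode_name(pkt: bytes, off: int):
    """Decode an uncompressed name starting at pkt[off]; return (name, next offset)."""
    labels = []
    while True:
        n = pkt[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(pkt[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", off


def build_query(name: str, qtype: str, txid: int = 0x1234, edns_bufsize: int = 4096) -> bytes:
    """Standard query (RD=1) with an optional EDNS0 OPT record advertising a
    large UDP buffer; without EDNS0 a UDP answer is capped at 512 bytes."""
    arcount = 1 if edns_bufsize else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)  # CLASS IN
    opt = b""
    if edns_bufsize:
        # OPT pseudo-RR: root name, TYPE 41, CLASS = UDP payload size,
        # TTL = extended RCODE/version/flags (all zero), RDLENGTH 0.
        opt = b"\x00" + struct.pack("!HHIH", 41, edns_bufsize, 0, 0)
    return header + question + opt


def parse_question(pkt: bytes) -> dict:
    """Pull the single question and the EDNS0 buffer size (if any) out of a query."""
    txid, _flags, qd, _an, _ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    if qd != 1:
        raise ValueError("expected exactly one question")
    qname, off = decode_name(pkt, 12)
    qtype, _qclass = struct.unpack("!HH", pkt[off:off + 4])
    off += 4
    bufsize = None
    if ar and off + 11 <= len(pkt) and pkt[off] == 0:      # additional RR with root name
        rtype, rclass = struct.unpack("!HH", pkt[off + 1:off + 5])
        if rtype == 41:
            bufsize = rclass
    return {"txid": txid, "qname": qname, "qtype": QTYPE_NAMES.get(qtype, str(qtype)),
            "question": pkt[12:off], "edns_bufsize": bufsize}


def build_refused(q: dict) -> bytes:
    """Minimal reply: header with QR/RD/RA set and RCODE=5 (REFUSED), question
    echoed, no OPT. One way of 'breaking ANY'; real servers vary (assumption)."""
    flags = 0x8000 | 0x0100 | 0x0080 | 5
    return struct.pack("!HHHHHH", q["txid"], flags, 1, 0, 0, 0) + q["question"]


def response_size(query: bytes, refuse_any: bool = True) -> int:
    """Bytes the reflector sends back under the modelled policy."""
    q = parse_question(query)
    if refuse_any and q["qtype"] == "ANY":
        return len(build_refused(q))
    limit = q["edns_bufsize"] or 512
    # Simplification: an over-limit answer is modelled as filling the buffer;
    # a real server sets TC and the client retries over TCP.
    return min(CONSTRUCTED_RESPONSE_SIZES[q["qtype"]], limit)


def amplification(query: bytes, refuse_any: bool = True) -> float:
    return response_size(query, refuse_any) / len(query)


def best_qtype(name: str, refuse_any: bool = True, edns_bufsize: int = 4096) -> str:
    """The type a reflection tool would switch to: highest bytes-out per byte-in."""
    return max(QTYPES, key=lambda t: amplification(build_query(name, t, edns_bufsize=edns_bufsize), refuse_any))


if __name__ == "__main__":
    for refuse in (False, True):
        print(f"refuse ANY = {refuse}")
        for t in QTYPES:
            q = build_query("example.com.", t)
            print(f"  {t:7s} query {len(q):3d} B -> response {response_size(q, refuse):5d} B, x{amplification(q, refuse):.1f}")
        print("  best type for an attacker:", best_qtype("example.com.", refuse))
```

Refusing ANY drops its ratio below 1.0 in this model, and the attacker's best choice simply moves to DNSKEY, then TXT. The ratios come from the EDNS0 buffer size and the signed zone's record sizes, which is why the defence narrows the tool set rather than the attack.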
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop