On 2015-03-06 13:59, Paul Vixie wrote:


Simon Perreault <mailto:sperrea...@jive.com>
Friday, March 06, 2015 7:07 AM
The problem with ANY is that it appears to work just fine. If a
significant chunk of DNS servers start breaking ANY then it might
discourage naive developers from attempting to use it.

there's a much bigger problem with ANY, which is, its only valid use is
for diagnostics.

Private email, and this public one, made me realize that what I wrote wasn't clear: discouraging naive developers from attempting to use ANY is a *good thing*. Breaking ANY is a *good thing*. Let's do this.

like RD=0 sent to a recursive-only non-authoritative
name server, its intended purpose is helping other people learn things
about your name server state that you get no direct benefit from exposing.

mozilla's use of ANY is abusive. when sendmail used to send ANY queries,
we thought it could save round trips. we eventually learned that this
was crazy-talk. mozilla's abuse inevitably brings cloudflare's defense.

Full agreement.

All of that would not be so bad if ANY did not appear to work. Mozilla, and others, would not have used ANY if it had not appeared to work. That's why ANY is so subversive.

Let's break it significantly so it doesn't appear to work anymore.

Simon

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
