Personally RRSIG is worse for a implementer than ANY. I remember a time when there was a hope that you could do DNSSEC through a non DNSSEC aware server. RRSIG queries come from such a time. I would be happy to ban RRSIG queries.
That said banning RRSIG or ANY queries won't help with amplification issues. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
