any requests

Vernon Schryver vjs at rhyolite.com
Wed Jun 5 17:38:25 UTC 2013


> From: Tony Finch <dot at dotat.at>

> You are not quite correct. See http://fanf.livejournal.com/122220.html for
> details.

It is obvious to anyone willing to spend a few seconds experimenting that
this is true of current BIND9 code (and as far as I know old versions):

}  If a DNS cache already has any records (usually an A record) for
}  a domain, an ANY query won't make its resolver fetch the other types


However, it is also obvious to anyone willing to spend almost as little time
that it is not true about Google, OpenDNS, and some other intentionally
open DNS resolvers.

If you have a domain to which you can add records for a subdomain
with differing 5-30 second TTLs and can spend not just 5 seconds but
a few minutes playing around, you might come to my conclusion.  I think
they treat ANY as if it were a pseudo-rdataset containing some of the
RRs for the domain with a TTL equal to the minimum of all of the TTLs
of the contained rdatasets.  (I thought I sometimes get only some of
the record types for my Christmas tree test domain from 8.8.8.8, but
now I seem to always get all of them.)

That means that if
  - you assume (in my view unwisely) that those open DNS resolvers
      won't change how they handle ANY
  - your SMTP client (mail sender) uses one of those DNS resolvers,
then it can get the MX, A, and AAAA records (or their absences) with
a single ANY request.  

5 years ago that might have been a good hack, because it would reduce
the number of DNS round trips for SMTP clients.  In the future it won't
be a good hack and probably is not good today, because the ANY
pseudo-rdataset can be enormous and can require the truncated-UDP/TCP-retry
dance as well as the CPU costs of parsing and discarding almost all
of a giant response.  When you ask for ANY, you should not only get
MX, A, and AAAA, but also TXT, SRV, SPF, DNSKEY, and any others as
well as RRSIGs for everything.


Vernon Schryver    vjs at rhyolite.com
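
An added illustration, not part of the message above and not code from any resolver: a toy Python model contrasting the per-type cache behaviour quoted in the post with the minimum-TTL pseudo-rdataset behaviour the post hypothesises for the open resolvers. The zone name, TTLs, and class and function names are all constructed assumptions.

```python
# Toy model (constructed): two ways a caching resolver might answer ANY.
# ZONE stands in for the authoritative server; the name and TTLs are made up.
ZONE = {"tree.example.": {"A": 30, "AAAA": 10, "MX": 5, "TXT": 20}}  # type -> TTL (s)


class PerTypeCache:
    """Behaviour quoted in the post: ANY returns only what is already cached."""

    def __init__(self):
        self.cache = {}  # (name, rtype) -> expiry time

    def query(self, name, rtype, now):
        live = {t: exp - now for (n, t), exp in self.cache.items()
                if n == name and exp > now}
        if rtype == "ANY":
            if live:                      # something cached: no upstream fetch
                return live
            fetched = ZONE[name]          # model choice: empty cache fetches all
        elif rtype in live:
            return {rtype: live[rtype]}
        else:
            fetched = {rtype: ZONE[name][rtype]}
        for t, ttl in fetched.items():
            self.cache[(name, t)] = now + ttl
        return dict(fetched)


class PseudoRdatasetCache:
    """Behaviour the post hypothesises: ANY is one entry with the minimum TTL."""

    def __init__(self):
        self.any_cache = {}  # name -> (expiry time, tuple of types)

    def query_any(self, name, now):
        entry = self.any_cache.get(name)
        if entry is None or entry[0] <= now:   # miss or expired: refetch all
            rrsets = ZONE[name]
            entry = (now + min(rrsets.values()), tuple(rrsets))
            self.any_cache[name] = entry
        return {t: entry[0] - now for t in entry[1]}


def demo():
    bind_like, pseudo = PerTypeCache(), PseudoRdatasetCache()
    bind_like.query("tree.example.", "A", now=0)       # prime cache with A only
    return (bind_like.query("tree.example.", "ANY", now=2),
            pseudo.query_any("tree.example.", now=0),
            pseudo.query_any("tree.example.", now=3))
```

In the first model an SMTP client asking ANY after an earlier A lookup sees no MX at all, which is why the shortcut only works against resolvers behaving like the second model.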

