disabling "Any" requests

Phil Mayers p.mayers at imperial.ac.uk
Thu Jul 12 14:47:31 UTC 2012


On 12/07/12 15:16, Lightner, Jeff wrote:

> Personally I don't know why "dig -t any" would be a problem.   It's
> not exactly the same as doing an axfr transfer of the zone - it still
> only gets limited information.

They're the current query type du jour for DDoS amplification attacks, 
which I assume the OP is experiencing.

Personally I feel it's a mistake to focus on the query type; as others 
have pointed out, DNSSEC-signed TXT/SPF records are large, and 
plentiful. Best just focus on query rate.
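
The contrast drawn above between filtering on query type and limiting on query rate, as an added example that is not part of the original post. The record layout, addresses, response sizes and thresholds are constructed assumptions for illustration and are not BIND's log format or configuration.

```python
from collections import defaultdict, deque

# Constructed sample records (assumed layout, not BIND's query-log format):
# (unix_seconds, client_ip, qtype, response_bytes)
def build_sample():
    records = []
    # Spoofed source: a burst of TXT queries against a DNSSEC-signed name.
    for i in range(40):
        records.append((1000 + i * 0.05, "192.0.2.10", "TXT", 2900))
    # Ordinary client: one ANY query and a few A queries.
    records.append((1000.5, "198.51.100.5", "ANY", 3100))
    for i in range(3):
        records.append((1001 + i, "198.51.100.5", "A", 90))
    return sorted(records)

def flag_by_qtype(records, blocked=("ANY",)):
    """Type-based filter: flags any client that sent a blocked query type."""
    return {ip for _, ip, qtype, _ in records if qtype in blocked}

def flag_by_rate(records, max_queries=10, window=1.0):
    """Rate-based filter: flags clients exceeding max_queries within any
    sliding window of `window` seconds, regardless of query type."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, ip, _, _ in records:
        q = recent[ip]
        q.append(ts)
        # Drop timestamps that have aged out of the window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > max_queries:
            flagged.add(ip)
    return flagged

def bytes_sent_to(records, ip):
    """Total response bytes the server would send toward `ip`."""
    return sum(size for _, cip, _, size in records if cip == ip)

if __name__ == "__main__":
    recs = build_sample()
    print("qtype filter flags:", flag_by_qtype(recs))
    print("rate filter flags: ", flag_by_rate(recs))
    print("bytes toward 192.0.2.10:", bytes_sent_to(recs, "192.0.2.10"))
```

On this sample the type filter flags only the ordinary client and misses the TXT burst entirely, while the rate filter flags only the source receiving the reflected traffic.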


