Allow-Query=any

Warren Kumari warren at kumari.net
Thu Jan 7 21:31:43 UTC 2016


On Thu, Jan 7, 2016 at 3:25 PM Reindl Harald <h.reindl at thelounge.net> wrote:

>
>
> Am 07.01.2016 um 21:18 schrieb G.W. Haywood:
> > Hi there,
> >
> > On Thu, 7 Jan 2016, Reindl Harald wrote:
> >
> >> ... when somebody wants a information which exists in
> >> the DNS he can ask for that information - unconditionally
>
> you don't get it
>
> if i want to ask for your SOA or NS-records then i ask for them
>
> there is *NO POINT* you can prohibit that unless you need a working
> nameserver and the only thing you *could* achieve is that i need more
> queries than normally needed raising the load on your own nameserver
>
> what would happen if you can achieve it:
>
> * in the best case no difference
> * in the worst case broken clients and degraded service
>
> prohibit things just for the sake of prohibit them is clueless,
> dangerous and unless you have a *real good* reason for your goal you
> should ask yourself if you *really* have the knowledge to maintain
> public nameservers - sorry - impossible to say that more polite
>
> > laptop3:~$ >>> dig -t any lloyds.co.uk
>
> tells me that there is another clueless idiot degrading services as it
> often happens - the larger the company the more foolish admins
>
> WHAT do they gain with it?
> NOTHING
>
>
Reindl, did you read the draft referred to in the HINFO? (
https://datatracker.ietf.org/doc/draft-ietf-dnsop-refuse-any/ ). It clearly
outlines the reasons that Cloudflare is doing this. This document was
discussed in the DNSOP WG, and was presented at a few meetings.
The consensus within the DNSOP WG was to adopt and work on the draft, so I
object to your characterization of this as "another clueless idiot
degrading services" at a large company.
Olafur and Joe (the authors of this) are far from clueless idiots.
In addition, please try to moderate your tone - people come to the BIND
Users list for assistance - your argumentative (and often insulting) posts
are not helpful to building a community.

W



> > ; <<>> DiG 9.9.5-9+deb8u4-Debian <<>> -t any lloyds.co.uk
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21502
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 1
> >
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4096
> > ;; QUESTION SECTION:
> > ;lloyds.co.uk.                  IN      ANY
> >
> > ;; ANSWER SECTION:
> > lloyds.co.uk.           3789    IN      HINFO   "Please stop asking for ANY" "See draft-jabley-dnsop-refuse-any"
> > lloyds.co.uk.           137094  IN      NS      dina.ns.cloudflare.com.
> > lloyds.co.uk.           137094  IN      NS      matt.ns.cloudflare.com.
> >
> > ;; AUTHORITY SECTION:
> > lloyds.co.uk.           137094  IN      NS      matt.ns.cloudflare.com.
> > lloyds.co.uk.           137094  IN      NS      dina.ns.cloudflare.com.
> >
> > ;; Query time: 54 msec
> > ;; SERVER: 192.168.44.72#53(192.168.44.72)
> > ;; WHEN: Thu Jan 07 20:17:18 GMT 2016
> > ;; MSG SIZE  rcvd: 197
>