Re: [DNSOP] More work for DNSOP :-)
Paul Vixie <paul@redbarn.org> Fri, 06 March 2015 18:59 UTC
Return-Path: <paul@redbarn.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36E8C1A1BD9 for <dnsop@ietfa.amsl.com>; Fri, 6 Mar 2015 10:59:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.208
X-Spam-Level:
X-Spam-Status: No, score=0.208 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_ABOUTYOU=0.5, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U1_QU2-UobzO for <dnsop@ietfa.amsl.com>; Fri, 6 Mar 2015 10:59:28 -0800 (PST)
Received: from family.redbarn.org (family.redbarn.org [IPv6:2001:559:8000:cd::5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AD311A1B6D for <dnsop@ietf.org>; Fri, 6 Mar 2015 10:59:28 -0800 (PST)
Received: from [IPv6:2001:559:8000:cb:b015:3cb0:25ba:df77] (unknown [IPv6:2001:559:8000:cb:b015:3cb0:25ba:df77]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id BF98E1814C; Fri, 6 Mar 2015 18:59:28 +0000 (UTC)
Message-ID: <54F9F90D.1020806@redbarn.org>
Date: Fri, 06 Mar 2015 10:59:25 -0800
From: Paul Vixie <paul@redbarn.org>
User-Agent: Postbox 3.0.11 (Windows/20140602)
MIME-Version: 1.0
To: Simon Perreault <sperreault@jive.com>
References: <20150306145217.GA8959@nic.fr> <54F9C29E.9040408@jive.com>
In-Reply-To: <54F9C29E.9040408@jive.com>
X-Enigmail-Version: 1.2.3
Content-Type: multipart/alternative; boundary="------------030604000404030505000309"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/9skIgFaAbpEpHS2eOSPsSuPZ2mQ>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] More work for DNSOP :-)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Mar 2015 18:59:30 -0000
> Simon Perreault <mailto:sperreault@jive.com> > Friday, March 06, 2015 7:07 AM > > ... > > The problem with ANY is that it appears to work just fine. If a > significant chunk of DNS servers start breaking ANY then it might > discourage naive developers from attempting to use it. there's a much bigger problem with ANY, which is, its only valid use is for diagnostics. like RD=0 sent to a recursive-only non-authoritative name server, its intended purpose is helping other people learn things about your name server state that you get no direct benefit from exposing. mozilla's use of ANY is abusive. when sendmail used to send ANY queries, we thought it could save round trips. we eventually learned that this was crazy-talk. mozilla's abuse inevitably brings cloudflare's defense. let's nip one meme in the bud, though: deprecating ANY will not change the reflecting/amplifying landscape other than to obsolete some of the existing low-end DDoS tools, which will quickly be changed to ask for TXT or NS (or even better, DNSKEY). -- Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Andrew Sullivan
- [DNSOP] More work for DNSOP :-) Stephane Bortzmeyer
- Re: [DNSOP] More work for DNSOP :-) Simon Perreault
- Re: [DNSOP] More work for DNSOP :-) Edward Lewis
- Re: [DNSOP] More work for DNSOP :-) Marcus Grando
- Re: [DNSOP] More work for DNSOP :-) Stephane Bortzmeyer
- Re: [DNSOP] More work for DNSOP :-) Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Alejandro Acosta
- Re: [DNSOP] More work for DNSOP :-) Simon Perreault
- Re: [DNSOP] More work for DNSOP :-) Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Edward Lewis
- Re: [DNSOP] More work for DNSOP :-) Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Bob Harold
- Re: [DNSOP] More work for DNSOP :-) Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Dan York
- Re: [DNSOP] More work for DNSOP :-) Evan Hunt
- Re: [DNSOP] More work for DNSOP :-) Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Paul Wouters
- Re: [DNSOP] More work for DNSOP :-) Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Paul Wouters
- Re: [DNSOP] More work for DNSOP :-) Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Tony Finch
- Re: [DNSOP] More work for DNSOP :-) Olafur Gudmundsson
- Re: [DNSOP] More work for DNSOP :-) Paul Hoffman
- Re: [DNSOP] More work for DNSOP :-) Andreas Gustafsson
- Re: [DNSOP] More work for DNSOP :-) Tony Finch
- Re: [DNSOP] More work for DNSOP :-) Stephane Bortzmeyer
- [DNSOP] Why no more meta-queries? (Was: More work… Stephane Bortzmeyer
- Re: [DNSOP] More work for DNSOP :-) Paul Hoffman
- Re: [DNSOP] Why no more meta-queries? (Was: More … Ray Bellis
- Re: [DNSOP] More work for DNSOP :-) Olafur Gudmundsson
- Re: [DNSOP] Why no more meta-queries? (Was: More … Shumon Huque
- Re: [DNSOP] Why no more meta-queries? (Was: More … Robert Edmonds
- Re: [DNSOP] Why no more meta-queries? (Was: More … Shumon Huque
- Re: [DNSOP] Why no more meta-queries? (Was: More … Shumon Huque
- Re: [DNSOP] Why no more meta-queries? (Was: More … W.C.A. Wijngaards
- Re: [DNSOP] Why no more meta-queries? (Was: More … Shumon Huque