Re: [DNSOP] More work for DNSOP :-)

Evan Hunt <> Fri, 06 March 2015 20:59 UTC

Date: Fri, 06 Mar 2015 20:59:20 +0000
From: Evan Hunt <>
To: Dan York <>
Cc: Simon Perreault <>, "" <>, Paul Vixie <>

On Fri, Mar 06, 2015 at 08:13:09PM +0000, Dan York wrote:
> While I agree with this idea, I wonder if from a clarity of deployment
> point of view, as well as a speed point of view, it would be easier to
> divide this into two different documents:
> 1.  Deprecate the ANY query
> 2. “Meta queries” should be behind some access control mechanism
> Is there anyone arguing that the ANY query should still be around?  Or can
> we agree that ANY is now a query that has outlived its usefulness and
> needs to fade away?

I use QTYPE=ANY for testing and troubleshooting quite frequently, and would
prefer to see it hidden behind an access control mechanism rather than
disabled completely.

(As an aside: I've often wondered why the DNS doesn't have *more* meta-query
types, less extensive than ANY, such as a single type covering A and AAAA.
Or, an EDNS OPT mechanism to request a list of desired types in addition to
QTYPE to be returned in the additional section (subject to packet size, rate
limiting, DNS cookie authentication, whatever).  I would guess the absence
of such conveniences to be the reason Mozilla decided to take their
regrettable shortcut.  It seems like such an obvious optimization, I'm
guessing it was talked to death before I ever started working with the DNS
and there were good reasons not to do it, but I don't actually know what
they were.)

Evan Hunt --
Internet Systems Consortium, Inc.