Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards

[Paul Vixie <paul@redbarn.org>]

> bert hubert <mailto:bert.hubert@netherlabs.nl>
> Tuesday, March 17, 2015 12:05 AM
>
> Sorry? We solve implementation hardship by standards action now?

as with client-subnet, we recognize that people will do what they want,
or stop doing what they don't want, especially if they are CDN providers
with a lot of revenue and a lot of expense riding on their choices. i
don't love this situation but i can tell you that quoting specifications
at folks and using words like "mandatory" isn't the way to change their
minds (or their deeds.)

noting that there's a more-than-ten-years-old CNAME patch to qmail that
just about everybody is supposedly running, i expect the operational
impact of phasing out ANY to be ~0. also, a lot of operators foolishly
patched their BIND servers to stop answering ANY because they considered
it a DDoS risk (which is patently insane but please don't shoot the
messenger) and not a single qmail user was heard from on the matter.

the internet works by cooperation. often, first mover advantage is
sticky. but almost as often, somebody like the mozilla dev team decides
that something like ANY is the solution to their API layering problem,
and the rest of us rip the bandaids off and study the underlying wound.
so it is in this case. now, mozilla has backed off, but the underlying
wound remains a visible topic of conversation.

to me the use case is, it's an information leak, and i don't want my
cache probed, and i can't tell the difference between a cache prober and
qmail, so into the same stew pot they both must go. (along with RD=0 on
an RA=1 server.)

-- 
Paul Vixie