3-5 October 2015
Fairmont Queen Elizabeth
US/Eastern timezone

Neutering ANY queries: how we did it

4 Oct 2015, 10:00
30m
St-Francois (Fairmont Queen Elizabeth)

St-Francois

Fairmont Queen Elizabeth

900 René-Lévesque Blvd W Montreal, QC H3B 4A5 Canada

Speaker

Mr. Ólafur Guðmundsson (CloudFlare Inc.)

Description

DNS ANY queries are a source of controversy and strong feelings. In practice ANY queries are used for debug purposes, but are frequently abused in amplification attacks, as they give the best amplification factor. In some non-traditional DNS authoritative servers the cost of answering ANY queries can be high due to multiple DB lookups and dynamic records. Once in a while someone thinks that using ANY query is a good way to reliably get all RRsets in one query, frequently without understanding the semantics or implications. We have explored a number of alternatives to answer ANY queries without breaking any deployed systems, and at the same time discourage the use of ANY query. In this talk we will cover the alternatives and present our solution to a cacheable, non-breaking “negative” answer to ANY queries.

Primary author

Mr. Ólafur Guðmundsson (CloudFlare Inc.)

Co-authors

Mr. Filippo Valsorda (CloudFlare) Mr. Marek Majkowski (CloudFlare)

Presentation Materials

Your browser is out of date!

Update your browser to view this website correctly. Update my browser now

×