Speaker
Mr
Ólafur Guðmundsson
(CloudFlare Inc.)
Description
DNS ANY queries are a source of controversy and strong feelings. In practice ANY queries are used for debug purposes, but are frequently abused in amplification attacks, as they give the best amplification factor. In some non-traditional DNS authoritative servers the cost of answering ANY queries can be high due to multiple DB lookups and dynamic records.
Once in a while someone thinks that using ANY query is a good way to reliably get all RRsets in one query, frequently without understanding the semantics or implications.
We have explored a number of alternatives to answer ANY queries without breaking any deployed systems, and at the same time discourage the use of ANY query.
In this talk we will cover the alternatives and present our solution to a cacheable, non-breaking “negative” answer to ANY queries.
Primary author
Mr
Ólafur Guðmundsson
(CloudFlare Inc.)
Co-authors
Mr
Filippo Valsorda
(CloudFlare)
Mr
Marek Majkowski
(CloudFlare)
