Oct 3 – 5, 2015
Fairmont Queen Elizabeth
US/Eastern timezone

Neutering ANY queries: how we did it

Oct 4, 2015, 10:00 AM
St-Francois (Fairmont Queen Elizabeth)



900 René-Lévesque Blvd W Montreal, QC H3B 4A5 Canada


Mr Ólafur Guðmundsson (CloudFlare Inc.)


DNS ANY queries are a source of controversy and strong feelings. In practice, ANY queries are used for debugging, but they are frequently abused in amplification attacks because they give the best amplification factor. In some non-traditional authoritative DNS servers, the cost of answering ANY queries can be high due to multiple DB lookups and dynamic records. Once in a while someone decides that an ANY query is a good way to reliably get all RRsets in one query, frequently without understanding the semantics or implications. We have explored a number of alternatives for answering ANY queries without breaking any deployed systems while at the same time discouraging use of the ANY query. In this talk we will cover the alternatives and present our solution: a cacheable, non-breaking “negative” answer to ANY queries.

Primary author

Mr Ólafur Guðmundsson (CloudFlare Inc.)


Mr Filippo Valsorda (CloudFlare), Mr Marek Majkowski (CloudFlare)
