[176524] in North American Network Operators' Group
Re: Comcast residential DNS contact
daemon@ATHENA.MIT.EDU (Grant Ridder)
Wed Dec 3 13:02:02 2014
X-Original-To: nanog@nanog.org
In-Reply-To: <547F3069.20602@gameservers.com>
Date: Wed, 3 Dec 2014 09:54:03 -0800
From: Grant Ridder <shortdudey123@gmail.com>
To: Brian Rak <brak@gameservers.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Hi Everyone,
Thanks for the replies! After reading them, I am doing some digging into
DNS RFCs and haven't found much with respect to ANY queries. Not
responding with full results to protect against being used in an attack
makes sense. However, I find it odd that only 1 of the 4 anycast servers I
tried would institute this.
Also, as a side note, I hit all 4 anycast servers on both v4 and v6 with
similar results already.
-Grant
On Wed, Dec 3, 2014 at 7:46 AM, Brian Rak <brak@gameservers.com> wrote:
> Shouldn't everyone be on IPv6 these days anyway ;)
>
>
> On 12/3/2014 10:28 AM, Jared Mauch wrote:
>
>> So have A record queries. Do you filter those as well?
>>
>> Jared Mauch
>>
>> On Dec 3, 2014, at 9:08 AM, Stephen Satchell <list@satchell.net> wrote:
>>>
>>> On 12/03/2014 04:04 AM, Niels Bakker wrote:
>>>> * shortdudey123@gmail.com (Grant Ridder) [Wed 03 Dec 2014, 12:54 CET]:
>>>>
>>>>> Both of Google’s public DNS servers return complete results every time
>>>>> and one of the two Comcast ones works fine.
>>>>>
>>>>> If this is working by design, can you provide the RFC with that info?
>>>>>
>>>> An ANY query will typically return only what's already in the cache. So
>>>> if you ask for MX records first and then query the same caching resolver
>>>> for ANY it won't return, say, any TXT records that may be present at the
>>>> authoritative nameserver.
>>>>
>>>> This could be implementation dependent, but Comcast's isn't wrong, and
>>>> you should not rely on ANY queries returning full data. This has been
>>>> hashed out to tears in the past, for example when qm**l used to do these
>>>> queries in an attempt to optimise DNS query volumes and RTT.
>>>>
>>> At the ISP I consult to, I filter all ANY queries, because they have
>>> been used for DNS amplification attacks.
>>>
>>
>