[87993] in North American Network Operators' Group
Re: DOS attack against DNS?
daemon@ATHENA.MIT.EDU (Alon Tirosh)
Tue Jan 17 00:12:58 2006
Date: Tue, 17 Jan 2006 00:12:28 -0500
From: Alon Tirosh <j0keralpha@gmail.com>
To: Paul Vixie <vixie@vix.com>
Cc: nanog@merit.edu
In-Reply-To: <g38xthmmer.fsf@sa.vix.com>
Errors-To: owner-nanog@merit.edu
------=_Part_2453_9049492.1137474748936
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Not true,. the ANY query has mutliple uses for consolidating multiple
diagnostic queries into a single display, and also for diversion monitoring
systems on small domains or groups of same. Not all of us have the resource=
s
(or time) of large ISPs behind us.
On 15 Jan 2006 17:27:40 +0000, Paul Vixie <vixie@vix.com> wrote:
>
>
> > client xx.xx.xx.xx#6704: query: z.tn.co.za ANY ANY +E
>
> class "ANY" has no purpose in the real world, not even for debugging. if
> you see it in a query, you can assume malicious intent. if you hear it i=
n
> a query, you can safely ignore that query, or at best, map it to class
> "IN".
> --
> Paul Vixie
>
------=_Part_2453_9049492.1137474748936
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Not true,. the ANY query has mutliple uses for consolidating multiple diagn=
ostic queries into a single display, and also for diversion monitoring syst=
ems on small domains or groups of same. Not all of us have the resources (o=
r time) of large ISPs behind us.
<br><br><div><span class=3D"gmail_quote">On 15 Jan 2006 17:27:40 +0000, <b =
class=3D"gmail_sendername">Paul Vixie</b> <<a href=3D"mailto:vixie@vix.c=
om">vixie@vix.com</a>> wrote:</span><blockquote class=3D"gmail_quote" st=
yle=3D"border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex=
; padding-left: 1ex;">
<br>> client xx.xx.xx.xx#6704: query: <a href=3D"http://z.tn.co.za">z.tn=
.co.za</a> ANY ANY +E<br><br>class "ANY" has no purpose in the re=
al world, not even for debugging. if<br>you see it in a query, y=
ou can assume malicious intent. if you hear it in
<br>a query, you can safely ignore that query, or at best, map it to class =
"IN".<br>--<br>Paul Vixie<br></blockquote></div><br>
------=_Part_2453_9049492.1137474748936--
