Nope - I tested this some time ago - mail delivery from certain large providers will fail as they don't do MX requests, even if the ANY fails, it seems.

-----Original Message-----
From: dns-operations-boun...@lists.dns-oarc.net [mailto:dns-operations-boun...@lists.dns-oarc.net] On Behalf Of DTNX Postmaster
Sent: 10 June 2012 11:07
To: DNS Operations List
Subject: Re: [dns-operations] annoying DDoS attack on ns0.rfc1035.com

On Jun 10, 2012, at 10:59, Dobbins, Roland wrote:

> On Jun 10, 2012, at 3:45 PM, Jim Reid wrote:
>
>> And why pick on my name server which has never done anyone any harm?
>
> They're just looking for ANY records, there's no rhyme or reason to it.
> They're spoofing the IP address of the target they're attacking - they're
> using your server for reflection/amplification.
>
> Do you really need to respond to ANY queries - especially when your servers
> are being abused?

Are there any downsides to not responding to 'ANY' queries? A client should retry with a more focused query AFAIK, but does that actually happen in practice?

Cya,
Jona

_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
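
Added example, not part of the thread or any poster's code: a query-log check that separates a reflected ANY flood from a low-volume client that merely uses ANY, so an operator can rate-limit the former without blanket-dropping ANY. The log layout (BIND-style), the sample lines, the addresses (documentation ranges) and the thresholds are all assumptions.

```python
import re
from collections import Counter, defaultdict

# Assumed BIND-style query log layout; adjust the regex to your server's format.
LINE_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+.*?query: (?P<name>\S+) IN (?P<qtype>\S+)"
)

def build_sample():
    """Constructed log lines; all addresses are documentation ranges."""
    stamp = "10-Jun-2012 10:59:{:02d}.000"
    lines = []
    # Spoofed victim address: a burst of ANY queries and nothing else.
    for i in range(40):
        lines.append(f"{stamp.format(i)} client 198.51.100.7#{40000 + i}: "
                     "query: rfc1035.com IN ANY +E")
    # Low-volume client that uses ANY where MX would be expected.
    for i in range(2):
        lines.append(f"{stamp.format(i)} client 203.0.113.25#{50000 + i}: "
                     "query: rfc1035.com IN ANY +")
    lines.append(f"{stamp.format(3)} client 203.0.113.25#50002: "
                 "query: rfc1035.com IN A +")
    # Ordinary resolver asking focused questions.
    for i, qtype in enumerate(["MX", "A", "MX", "A", "NS"]):
        lines.append(f"{stamp.format(i)} client 192.0.2.53#{60000 + i}: "
                     f"query: rfc1035.com IN {qtype} +")
    return lines

def summarize(lines):
    """Return {client_ip: Counter({qtype: count})}, skipping unparsable lines."""
    stats = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            stats[m.group("ip")][m.group("qtype").upper()] += 1
    return stats

def flag_reflection(stats, min_any=20, min_ratio=0.9):
    """Clients whose traffic is high-volume and almost entirely ANY."""
    flagged = []
    for ip, counts in stats.items():
        total = sum(counts.values())
        if counts["ANY"] >= min_any and counts["ANY"] / total >= min_ratio:
            flagged.append(ip)
    return sorted(flagged)

if __name__ == "__main__":
    stats = summarize(build_sample())
    print("rate-limit candidates:", flag_reflection(stats))
```

Because the source address of a reflected query is forged, a flagged address is the target of the attack, not its origin; it is a candidate for response rate limiting, not for blame.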