On 18 September 2014 21:31:33 GMT+01:00, Sanford Whiteman <figureone...@gmail.com> wrote: >ANY (*) requests are key to many DNS amplification attacks and may >fail, >even if the RR you want exists when individually requested. Such >requests >should be discouraged by clients, IMO. It's disappointing that PHP's >dns_get_record() defaults to ANY. > >But more to the point, what is the client-side utility? You are >basically >flooding yourself if you make such requests -- what exactly are you >going >to do with the TXT records, NS records, the SOAs, the unknown types? >This >is just a ton of extraneous data, even if the overall payload is small. > >Maybe if you're building a PHP app whose sole purpose is to >troubleshoot >DNS. But if so I would sooner fork `dig`, since most likely you are >trying >to show people the results that a non-PHP app would see, so better to >avoid >any PHP bugs/specialness and miss any DNS features (such as new RR >types >and new DNS extensions). > >I don't think there's anything particularly askew in MX being the >default >for checkdnsrr() if you think of it as a cut-down generalization of >getdnsmx(). Still I can't remember the last time my PHP apps cared >only >about whether an RR existed, not its value (our mail server cares about >that of course when checking blacklists, and we care when we're >troubleshooting... but not within PHP). And I've *never *wanted to get >a >true/false *if there is an RR of any type, *as opposed to a true/false >if >the domain exists at all in the public DNS. Can you explain the use >case? > >-- Sandy
Hi, I think you might need to take a deep breath, read through the mailing list guidelines [ http://git.php.net/?p=php-src.git;a=blob_plain;f=README.MAILINGLIST_RULES;hb=HEAD], and start again. Your post mentions three different functions, which have different purposes, and different default parameters, and demands that we provide a use case for something (I'm not clear what) because you've never needed it. I would say it is up to you to put forward a considered case for a change, not for everyone else to justify the status quo. What is it you are actually proposing or requesting here? To remove the ability of these functions to query ANY? To remove the default parameter so that people don't use ANY accidentally? Or to change the default value to something different? Bear in mind that any change needs to take into account compatibility with existing code, so removing or changing a default parameter requires a strong justification to offset the problems it may cause users. I hope this message doesn't sound too negative, and look forward to clarification of your thoughts. Regards, -- Rowan Collins [IMSoP] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
