Did more digging and found the RFC regarding ANY queries: 3.2.3 - * 255 A request for all records https://www.ietf.org/rfc/rfc1035.txt
However Wikipedia (http://en.wikipedia.org/wiki/List_of_DNS_record_types) lists this as a request for "All cached records" instead of "A request for all records" per the RFC. -Grant On Wed, Dec 3, 2014 at 9:54 AM, Grant Ridder <shortdudey...@gmail.com> wrote: > Hi Everyone, > > Thanks for the replies! After reading them, i am doing some digging into > DNS RFC's and haven't found much with respect to ANY queries. Not > responding with full results to protect against being used in an attack > makes sense. However, I find it odd that only 1 of the 4 anycast servers I > tried would institute this. > > Also, as a side note, i hit all 4 anycast servers on both v4 and v6 with > similar results already. > > -Grant > > On Wed, Dec 3, 2014 at 7:46 AM, Brian Rak <b...@gameservers.com> wrote: > >> Shouldn't everyone be on IPv6 these days anyway ;) >> >> >> On 12/3/2014 10:28 AM, Jared Mauch wrote: >> >>> So have A record queries. Do you filter those as well? >>> >>> Jared Mauch >>> >>> On Dec 3, 2014, at 9:08 AM, Stephen Satchell <l...@satchell.net> wrote: >>>> >>>> On 12/03/2014 04:04 AM, Niels Bakker wrote: >>>>> * shortdudey...@gmail.com (Grant Ridder) [Wed 03 Dec 2014, 12:54 CET]: >>>>> >>>>>> Both of Google’s public DNS servers return complete results every time >>>>>> and one of the two comcast ones works fine. >>>>>> >>>>>> If this is working by design, can you provide the RFC with that info? >>>>>> >>>>> An ANY query will typically return only what's already in the cache. >>>>> So >>>>> if you ask for MX records first and then query the same caching >>>>> resolver >>>>> for ANY it won't return, say, any TXT records that may be present at >>>>> the >>>>> authoritative nameserver. >>>>> >>>>> This could be implementation dependent, but Comcast's isn't wrong, and >>>>> you should not rely on ANY queries returning full data. This has been >>>>> hashed out to tears in the past, for example when qm**l used to do >>>>> these >>>>> queries in an attempt to optimise DNS query volumes and RTT. >>>>> >>>> At the ISP I consult to, I filter all ANY queries, because they have >>>> been used for DNS amplification attacks. >>>> >>> >> >