pentium100 commented on PR #3799: URL: https://github.com/apache/hertzbeat/pull/3799#issuecomment-3359895730
## Feature Suggestion: Allow User-Specified DNS Record Type for Monitoring Hello maintainers, I'm suggesting an enhancement to the current DNS monitoring feature. Currently, the implementation might rely on querying for **`ANY` (Type 255)** record query. This approach has significant issues in a real-world monitoring environment: ### The Problem: Compatibility and Security Many major public DNS resolvers (like Google DNS, Cloudflare 1.1.1.1, etc.) **do not support or have rate limits on `ANY` record queries.** The primary reason for this is **security**, specifically the threat of **DNS Amplification Attacks (DDoS)**. An `ANY` query often results in an extremely large response packet, which attackers can leverage to overwhelm a target by spoofing the victim's IP address. ### Proposed Enhancement To ensure **HertzBeat's DNS monitoring is reliable and compatible** with public resolvers, we must **allow the user to specify the exact DNS record type** they wish to query for a given domain. The monitor setup should include a new configuration field where the user can select the desired record type for the DNS lookup query, such as: * **A** (IPv4 Address) * **AAAA** (IPv6 Address) * **CNAME** (Canonical Name) * **MX** (Mail Exchange) * **NS** (Name Server) * **TXT** (Text Record) * **SRV** (Service Record) By allowing the user to select a specific type, we **avoid the unreliable `ANY` query**, bypass potential security restrictions, and ensure the monitor accurately checks the specific record relevant to the user's service. Thank you for considering this critical update. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
