RFC8482 - Saying goodbye to ANY

What's this blog post about?

The DNS ANY query type has been deprecated by RFC8482 because it was difficult to implement on modern DNS servers, its semantics were poorly understood within the community, and it created unnecessary exposure to abuse. Historically, "ANY" queries were hard for modern DNS servers because the query type assumed the server could retrieve all records, which is not possible with many modern implementations. Clients also had a hard time interpreting responses to "ANY" queries, leading to confusion and potential security risks. Finally, network operators faced challenges in handling the large responses generated by "ANY" queries, leaving them vulnerable to DNS amplification attacks. With RFC8482, the semantics of ANY queries are now clearly defined, allowing for simpler DNS authoritative and resolver implementations while reducing the risk of DoS attacks on the entire Internet.

Company
Cloudflare

Date published
March 15, 2019

Author(s)
Marek Majkowski

Word count
1270

Language
English

Hacker News points
162


By Matt Makai. 2021-2024.