RFC8482 - Saying goodbye to ANY
The DNS ANY query type has been deprecated by RFC8482 because it is difficult to implement on modern DNS servers, its semantics are poorly understood within the community, and it is unnecessarily exposed to abuse. Historically, "ANY" queries were hard for modern DNS servers because the query type assumes the server can retrieve all records, which is not possible with many modern implementations. Clients also had a hard time interpreting responses to "ANY" queries, leading to confusion and potential security risks. Finally, network operators faced challenges in handling the large responses generated by "ANY" queries, which left them vulnerable to DNS amplification attacks. With RFC8482, the semantics of ANY queries are now clearly defined, allowing for simpler DNS authoritative and resolver implementations while reducing the risk of DoS attacks on the entire Internet.
Company: Cloudflare
Date published: March 15, 2019
Author(s): Marek Majkowski
Word count: 1270
Hacker News points: 2
Language: English