[fapjacks]

We can start with DNS ANY queries. Cloudflare lied their way through this whole process, with the claim that CF were just following standards, when in fact it was exactly the opposite: Not conforming to the standard while simultaneously pushing through draft changes to the standard in order to support CF's business decision. I'm a trusting guy, and took CF's claims of championing privacy to heart, but this move completely blew that out of the water. Nowadays, I genuinely wonder sometimes how long until someone blows the whistle and it turns out CF is building dossiers just like Google, and renting out access to governments and law enforcement and adtech, shoveling even more crap onto the pile.

[majke]

It was me who was pushing for DNS ANY changes, and I'm pretty proud of it. If you worked on any DNS software, you would see how messy handling ANY was.

Fundamentally the question is about Zones. I personally don't believe "zones" in the modern internet make sense. Modern DNS is not pure-bind/flat file. It's autogenerated labels, managed and pulled from different sources. Fundamentally, answering ANY is at least super hard if not impossible.

I'm sorry you think we were not transparent. I wrote two blog posts, and helped with the draft to promote the deprecating on ANY. But the real push to do something about ANY wasn't us - it was firefox who tried to query resolvers for ANY in order to save AAAA query for IPv6. This is totally bonkers. Proved that nobody understands ANY and that it only brings cost and confusion.

https://blog.cloudflare.com/deprecating-dns-any-meta-query-t...

https://lists.dns-oarc.net/pipermail/dns-operations/2015-Mar...

https://blog.cloudflare.com/rfc8482-saying-goodbye-to-any/

https://tools.ietf.org/html/rfc8482

[fapjacks]

What you've done here is demonstrate why Cloudflare cannot be trusted: You do not get to decide for the rest of the internet which use cases are valid and which are "bonkers" -- you probably just thought to yourself "Oh, but I did". This is a pattern of behavior at Cloudflare (cf. Cloudflare CEO waking up one morning to remove a domain from the internet because he didn't like the contents -- which is a polite way of saying he caved to the Twitter mob). You and Cloudflare made a business decision that supporting the DNS standard was too costly, despite DNS being a core offering of Cloudflare. You appear to be saying that you personally made a value judgment about someone else's use case, used that as an argument to drop support for the standard, then pushed draft changes so that Cloudflare could retroactively claim to support the standard.

You have forced changes in the DNS standard based on your own personal value judgment, and Cloudflare was duplicitous in its support of this relative moral position. I could not have made the argument against trusting Cloudflare better, myself.

[majke]

> You and Cloudflare made a business decision that supporting the DNS standard was too costly,

No, I made a decision that it was time to fix an obscure feature that was impossible to use correctly, and caused real damage to the internet - see firefox ANY saga.

Fun fact. We kept on supporting ANY until the RFC was ratified.

> You have forced changes in the DNS standard based on your own personal value judgment

No, we worked on the standard in the working group. I'm not the one assigning RFC numbers. This is a process.