Hacker News
by progval 343 days ago
Unless you send any reply that is significantly larger than the request, like this one, and then you can be exploited to DDoS someone else via an amplification attack. https://www.cloudflare.com/learning/ddos/dns-amplification-d...
1 comment

zdw mentioned an "authoritative" server, i.e. a content DNS server. CloudFlare is not talking about content DNS servers there. It cannot decide from paragraph to paragraph what it is calling the DNS servers that it is talking about, but it is talking about proxy DNS servers, the ones that respond after doing the actual grunt work of query resolution.

People like me have been recommending not running public proxy DNS servers for the entirety of the 21st century thus far, and the world has taken some notice, although more work is required, world!

* https://jdebp.uk/FGA/proxy-server-ip-addresses.html

In any case, ANY queries do not work nearly as well for amplification attacks as they used to. Many people have read RFC 8482. I, for example, changed all of the DNS servers in djbwares to respond to ANY queries per RFC 8482 back in March 2019.

The task at hand in this discussion only involves running a content DNS server, serving LOC records from some file/database or other.
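To put numbers on the two points made in the comment above (a reply much larger than the request is what makes amplification work, and RFC 8482 takes most of that away from ANY), here is an added example that is not from the thread, from djbwares, or from Cloudflare. It hand-rolls just enough DNS wire format (RFC 1035 header, question, answer RRs with a compression pointer, plus an EDNS0 OPT record) to measure response-to-query byte ratios offline. The example.com record set, the 4096-byte EDNS payload size and the 3600-second TTL are constructed assumptions; the RFC 8482 answer is the synthesized HINFO RR with CPU "RFC8482" and an empty OS field that section 4.2 of that RFC describes.

```python
"""Added example (not from the HN thread): hand-rolled DNS wire format used
to compare the amplification factor of a full ANY response against an
RFC 8482 minimal ANY response. Standard library only."""
import struct

QTYPE_A, QTYPE_NS, QTYPE_SOA, QTYPE_HINFO, QTYPE_MX = 1, 2, 6, 13, 15
QTYPE_TXT, QTYPE_AAAA, QTYPE_OPT, QTYPE_ANY = 16, 28, 41, 255
EDNS_UDP_SIZE = 4096  # assumption: the UDP payload size an attacker advertises in OPT


def encode_name(name):
    """Encode a dotted name as DNS labels, e.g. b"\\x07example\\x03com\\x00"."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode()
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def char_string(s):
    """DNS <character-string>: one length byte followed by up to 255 bytes."""
    raw = s.encode()
    assert len(raw) <= 255
    return bytes([len(raw)]) + raw


def opt_rr():
    """EDNS0 OPT pseudo-RR (RFC 6891): root name, type 41, class = UDP size."""
    return b"\x00" + struct.pack("!HHIH", QTYPE_OPT, EDNS_UDP_SIZE, 0, 0)


def build_query(name, qtype, txid=0x1234, edns=True):
    """12-byte header (flags 0x0100 = RD) + question (+ OPT in the additional section)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    return header + question + (opt_rr() if edns else b"")


def build_response(query, answers, edns=True):
    """Echo the question; every answer RR names the owner with a compression
    pointer (0xC00C) to the question name at offset 12, as real servers do.
    Flags 0x8580 = QR, AA, RD, RA. answers is a list of (type, rdata) pairs."""
    txid = struct.unpack("!H", query[:2])[0]
    qend = query.index(b"\x00", 12) + 1 + 4  # end of QNAME, then QTYPE/QCLASS
    question = query[12:qend]
    body = b""
    for rtype, rdata in answers:
        body += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", txid, 0x8580, 1, len(answers), 0, 1 if edns else 0)
    return header + question + body + (opt_rr() if edns else b"")


# Constructed sample zone for example.com (not real data): the sort of record
# set an ANY query used to dump into a single response.
FULL_ANY = [
    (QTYPE_A, bytes([192, 0, 2, 10])),
    (QTYPE_AAAA, bytes.fromhex("20010db8" + "0000" * 5 + "0010")),
    (QTYPE_NS, encode_name("ns1.example.com")),
    (QTYPE_NS, encode_name("ns2.example.com")),
    (QTYPE_MX, struct.pack("!H", 10) + encode_name("mail.example.com")),
    (QTYPE_TXT, char_string("v=spf1 mx a:mail.example.com include:_spf.example.net -all")),
    (QTYPE_TXT, char_string("site-verification=" + "0123456789abcdef" * 8)),
    (QTYPE_SOA, encode_name("ns1.example.com") + encode_name("hostmaster.example.com")
                + struct.pack("!IIIII", 2024010101, 7200, 900, 1209600, 300)),
]

# RFC 8482 section 4.2: one synthesized HINFO RR, CPU "RFC8482", OS empty.
RFC8482_ANY = [(QTYPE_HINFO, char_string("RFC8482") + char_string(""))]


def amplification(query, response):
    """Bytes the victim receives per byte the attacker spends on the spoofed query."""
    return len(response) / len(query)


def compare(name="example.com"):
    """Sizes and amplification factors for the full vs. RFC 8482 ANY answers."""
    q = build_query(name, QTYPE_ANY)
    full = build_response(q, FULL_ANY)
    minimal = build_response(q, RFC8482_ANY)
    return {
        "query_bytes": len(q),
        "full_any_bytes": len(full),
        "rfc8482_bytes": len(minimal),
        "full_factor": amplification(q, full),
        "rfc8482_factor": amplification(q, minimal),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key:>16}: {value:.2f}" if isinstance(value, float) else f"{key:>16}: {value}")
```

Running it shows a 40-byte ANY query drawing a 477-byte answer from the constructed zone (just under 12x), while the RFC 8482 reply is 61 bytes (about 1.5x), which is why the same query is no longer worth much to someone spoofing a victim's source address. The factor only goes up as the zone grows and is capped by the EDNS payload size the attacker advertises, since without EDNS a UDP reply over 512 bytes would be truncated and force a retry over TCP, which cannot be spoofed.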

CF does say "dns resolvers" right in the lead