by mct 4126 days ago
I wish I had time to cite a reference, but my memory is that an ANY query is not guaranteed to return all RRs, anyway. Running a quick experiment against bind 9.8.4 (as packaged in Debian stable), I can confirm that:

* When no entry already exists in the cache, bind will forward the ANY query to an authoritative server and return the result.

* When some information is already present in the cache, bind will return only the information already cached, without querying more information from an authoritative server.

Thus, if you need to know if a specific RR exists, you must query for that specific RR.

Still, to aid humans in debugging DNS problems, a nice compromise might be to allow ANY queries only over TCP. That would alleviate the spoofing problem.


Yes, this is why implementers trying to tackle this often just return TC. Changing the implementation or not allowing ANY queries at all breaks things, qmail for one iirc.
The result of an ANY query is cache dependent. Software that relies on ANY queries is likely subtly broken already.
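The two behaviours mct observed (a cold cache forwards ANY upstream; a warm cache answers ANY from whatever happens to be cached) and the reply's point about answering ANY with TC are easy to see in a small simulation. The following is an added example, not code from the thread and not BIND's implementation: a toy caching resolver with a constructed, hypothetical zone (`example.test.`, its records, and the `Resolver`/`handle` names are all assumptions made for the illustration). It shows why a program that asks for ANY to learn whether a specific RR exists gets a cache-dependent answer, while a query for that specific type is always resolved correctly, and it shows the TCP-only/TC policy as a front-end rule.

```python
# Toy model of a caching resolver's ANY handling, written to mirror the
# behaviour described in the thread. Not BIND's code; zone data is constructed.
from dataclasses import dataclass, field

# Constructed authoritative data for a hypothetical name.
AUTHORITATIVE = {
    "example.test.": {
        "A": ["192.0.2.10"],
        "AAAA": ["2001:db8::10"],
        "MX": ["10 mail.example.test."],
        "TXT": ["v=spf1 -all"],
    }
}


@dataclass
class Resolver:
    cache: dict = field(default_factory=dict)       # name -> {rrtype: [rdata]}
    upstream_queries: list = field(default_factory=list)  # what we forwarded

    def _forward(self, name, rrtype):
        """Ask the (simulated) authoritative server and cache what comes back."""
        self.upstream_queries.append((name, rrtype))
        zone = AUTHORITATIVE.get(name, {})
        if rrtype == "ANY":
            answer = {t: list(v) for t, v in zone.items()}
        else:
            answer = {rrtype: list(zone[rrtype])} if rrtype in zone else {}
        # Negative answers are not cached in this toy model.
        self.cache.setdefault(name, {}).update(answer)
        return answer

    def query(self, name, rrtype):
        cached = self.cache.get(name, {})
        if rrtype == "ANY":
            # Observation 2: anything already cached answers ANY outright,
            # even if the cache holds only one of several types.
            if cached:
                return {t: list(v) for t, v in cached.items()}
            # Observation 1: cold cache, forward ANY to authoritative.
            return self._forward(name, "ANY")
        # A specific type is served from cache or resolved on its own.
        if rrtype in cached:
            return {rrtype: list(cached[rrtype])}
        return self._forward(name, rrtype)


def handle(resolver, name, rrtype, transport="udp"):
    """Front-end policy from the thread: ANY is only answered over TCP.
    Over UDP the server returns TC so a legitimate client retries on TCP,
    which removes the spoofed-source amplification value of ANY."""
    if rrtype == "ANY" and transport == "udp":
        return {"tc": True, "answer": {}}
    return {"tc": False, "answer": resolver.query(name, rrtype)}


def demo():
    """Return (cold ANY, warm ANY, direct MX) to show the cache dependence."""
    cold = Resolver()
    cold_any = cold.query("example.test.", "ANY")      # all four types
    warm = Resolver()
    warm.query("example.test.", "A")                   # one lookup warms the cache
    warm_any = warm.query("example.test.", "ANY")      # only A comes back
    mx_direct = warm.query("example.test.", "MX")      # specific query is correct
    return cold_any, warm_any, mx_direct


if __name__ == "__main__":
    cold_any, warm_any, mx_direct = demo()
    print("cold ANY :", sorted(cold_any))
    print("warm ANY :", sorted(warm_any))
    print("direct MX:", mx_direct)
    print("ANY/UDP  :", handle(Resolver(), "example.test.", "ANY", "udp"))
```

The warm-cache run is the case that bites software relying on ANY: an earlier A lookup for the same name makes the later ANY answer omit MX entirely, so "no MX in the ANY reply" does not mean "no MX record". Querying MX directly gets the right answer every time.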