Comcast residential DNS contact

Stephen Satchell list at satchell.net
Wed Dec 3 14:08:46 UTC 2014


On 12/03/2014 04:04 AM, Niels Bakker wrote:
> * shortdudey123 at gmail.com (Grant Ridder) [Wed 03 Dec 2014, 12:54 CET]:
>> Both of Google’s public DNS servers return complete results every time
>> and one of the two Comcast ones works fine.
>>
>> If this is working by design, can you provide the RFC with that info?
> 
> An ANY query will typically return only what's already in the cache.  So
> if you ask for MX records first and then query the same caching resolver
> for ANY it won't return, say, any TXT records that may be present at the
> authoritative nameserver.
> 
> This could be implementation dependent, but Comcast's isn't wrong, and
> you should not rely on ANY queries returning full data.  This has been
> hashed out to tears in the past, for example when qm**l used to do these
> queries in an attempt to optimise DNS query volumes and RTT.

At the ISP I consult to, I filter all ANY queries, because they have
been used for DNS amplification attacks.



