Comcast residential DNS contact

Brian Rak brak at gameservers.com
Wed Dec 3 15:46:49 UTC 2014


Shouldn't everyone be on IPv6 these days anyway ;)

On 12/3/2014 10:28 AM, Jared Mauch wrote:
> So have A record queries. Do you filter those as well?
>
> Jared Mauch
>
>> On Dec 3, 2014, at 9:08 AM, Stephen Satchell <list at satchell.net> wrote:
>>
>>> On 12/03/2014 04:04 AM, Niels Bakker wrote:
>>> * shortdudey123 at gmail.com (Grant Ridder) [Wed 03 Dec 2014, 12:54 CET]:
>>>> Both of Google’s public DNS servers return complete results every time
>>>> and one of the two comcast ones works fine.
>>>>
>>>> If this is working by design, can you provide the RFC with that info?
>>> An ANY query will typically return only what's already in the cache.  So
>>> if you ask for MX records first and then query the same caching resolver
>>> for ANY it won't return, say, any TXT records that may be present at the
>>> authoritative nameserver.
>>>
>>> This could be implementation dependent, but Comcast's isn't wrong, and
>>> you should not rely on ANY queries returning full data.  This has been
>>> hashed out to tears in the past, for example when qm**l used to do these
>>> queries in an attempt to optimise DNS query volumes and RTT.
>> At the ISP I consult to, I filter all ANY queries, because they have
>> been used for DNS amplification attacks.




More information about the NANOG mailing list