Comcast residential DNS contact

Grant Ridder shortdudey123 at gmail.com
Wed Dec 3 18:07:04 UTC 2014


Did more digging and found the RFC regarding ANY queries:

3.2.3 - * 255 A request for all records
https://www.ietf.org/rfc/rfc1035.txt

However Wikipedia (http://en.wikipedia.org/wiki/List_of_DNS_record_types)
lists this as a request for "All cached records" instead of "A request for
all records" per the RFC.

-Grant


On Wed, Dec 3, 2014 at 9:54 AM, Grant Ridder <shortdudey123 at gmail.com>
wrote:

> Hi Everyone,
>
> Thanks for the replies!  After reading them, I am doing some digging into
> DNS RFCs and haven't found much with respect to ANY queries.  Not
> responding with full results to protect against being used in an attack
> makes sense.  However, I find it odd that only 1 of the 4 anycast servers I
> tried would institute this.
>
> Also, as a side note, I hit all 4 anycast servers on both v4 and v6 with
> similar results already.
>
> -Grant
>
> On Wed, Dec 3, 2014 at 7:46 AM, Brian Rak <brak at gameservers.com> wrote:
>
>> Shouldn't everyone be on IPv6 these days anyway ;)
>>
>>
>> On 12/3/2014 10:28 AM, Jared Mauch wrote:
>>
>>> So have A record queries. Do you filter those as well?
>>>
>>> Jared Mauch
>>>
>>>  On Dec 3, 2014, at 9:08 AM, Stephen Satchell <list at satchell.net> wrote:
>>>>
>>>>  On 12/03/2014 04:04 AM, Niels Bakker wrote:
>>>>> * shortdudey123 at gmail.com (Grant Ridder) [Wed 03 Dec 2014, 12:54 CET]:
>>>>>
>>>>>> Both of Google’s public DNS servers return complete results every time
>>>>>> and one of the two Comcast ones works fine.
>>>>>>
>>>>>> If this is working by design, can you provide the RFC with that info?
>>>>>>
>>>>> An ANY query will typically return only what's already in the cache.
>>>>> So if you ask for MX records first and then query the same caching
>>>>> resolver for ANY it won't return, say, any TXT records that may be
>>>>> present at the authoritative nameserver.
>>>>>
>>>>> This could be implementation dependent, but Comcast's isn't wrong, and
>>>>> you should not rely on ANY queries returning full data.  This has been
>>>>> hashed out to tears in the past, for example when qm**l used to do
>>>>> these queries in an attempt to optimise DNS query volumes and RTT.
>>>>>
>>>> At the ISP I consult to, I filter all ANY queries, because they have
>>>> been used for DNS amplification attacks.
>>>>
>>>
>>
>


