any requests

hugo hugoo hugobxl at
Mon Jun 3 19:26:08 UTC 2013

Thanks for your answer.
I see ANY queries from my clients (we do not use open resolvers)
I do not see why these kind of queries are present.
Moreover, the cache servers only anbswer with its cache content.
Is this normal or must the cache query the authoritztive server to fetch all the records?
> Date: Sun, 2 Jun 2013 22:13:33 +0000
> From: vjs at
> To: bind-users at
> Subject: Re: any requests
> > From: Matus UHLAR - fantomas <uhlar at>
> > On 02.06.13 20:28, hugo hugoo wrote:
> > >I plan to block these kind of requests on the dns cache servers in order to
> > > avoid any amplification attack.
> > hard to say, but as I stated before: don't do that.
> Instead, use RRL to mitigate many kinds of amplification attacks instead
> of only those using ANY.  See
> Blocking DNS ANY requests is to DNS amplification DoS mitigation as
> blocking SMTP envelope Mail_From values of <> is to spam filtering.
> In early spam days, people who either knew far less than they pretended
> or had special agendas prescribed blocking the <> sender as almost the
> FUSSP, and never mind RFCs that require accepting mail from <>, the
> value of mail from <>, and the vast floods of spam that don't and
> never did involve the <> sender.
> Blocking DNS ANY or SMTP <> fit the old saying by H. L. Mencken:
>     For every complex problem there is an answer that is clear,
>      simple, and wrong.
> Vernon Schryver    vjs at
> _______________________________________________
> Please visit to unsubscribe from this list
> bind-users mailing list
> bind-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list