[ratelimits] RRL vs other approaches

Vernon Schryver vjs at rhyolite.com
Wed Feb 20 14:21:01 UTC 2013

> From: Tony Finch <dot at dotat.at>

> > I'm probably being stupid.  Why wouldn't it be a good for a recursive
> > server to request ANY when talking to an authoritative about a client's
> > request for MX, A, or AAAA in the expectation that the client is

> (Going further off topic, sorry.) Well that's a counterfactual rather than
> a real-world use of ANY queries, but if you tried it you would have to
> weigh up the advantage of getting more data using ANY against the

Today I realize I am being stupid.  Trying to recursively resolve
requests for A RRs with ANY requests does not get the NSEC records
required when there are no A records.  I now wonder if DNSSEC is a 
reason to deprecate ANY.  (deprecating ANY to mitigate reflection
attacks is wishful thinking)

oh well. as you say, off-topic.

Vernon Schryver    vjs at rhyolite.com

More information about the ratelimits mailing list