|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: DOS attack against DNS?
# > class "ANY" has no purpose in the real world, not even for debugging. if # > you see it in a query, you can assume malicious intent. if you hear it in # > a query, you can safely ignore that query, or at best, map it to class # > "IN". # # er... i guess that is true, although the DNS does work for # things other than IP based networks... dispite our respective # best efforts to cripple it. i'm not trying to cripple it. i'm saying RFC 1034/1035 was wrong about class "ANY". all answer/authority/additional data where OP=QUERY and QR=1 will have the same class as the QCLASS (of which, in spite of the QDCOUNT field, there can be only one). nodes do not have classes. not even zones have classes. each class has a hierarchy of NS RRs making a "namespace". each class needs its own root name servers. there are less-coherent / more-useful ways to interpret "the spec", and one such way could give meaning to class "ANY", but no dns implementation i'm aware of follows those alternate interpretations. since nanog isn't a protocol-fine-points mailing list, at least for the DNS protocol, one could ask "why are we discussing this?" and my answer is, there is an operational tie-in. if you see QCLASS=ANY in a firewall, that is prima facie evidence of malfeasance, not merely misconfiguration or misinterpretation.
|