Home page logo
/

nanog logo nanog mailing list archives

Re: DOS attack against DNS?
From: Alon Tirosh <j0keralpha () gmail com>
Date: Tue, 17 Jan 2006 01:19:21 -0500

Admitted, i did not notice the type/class difference. I responded as a knee
jerk reaction, and that is my mistake.

For the second part, the any query type is useful (when targeted at either
your NS and/or public NS servers) to quickly alert to issues such as the one
being discussed with GoDaddy and Nectartech right now on this list.

Pick and/or set up an NS server that is TTL agnostic (flameArmor: this
system is to be used for disparate up-to-date checks only, and I know by
spec this is far from foolproof but its saved my ass a couple times in the
past) and checks disparate roots and its useful for finding or alerting to
major name system, registrar ,and provider issues quickly.

Im diverging off-topic, im sure. gnight.

On 1/17/06, william(at)elan.net <william () elan net> wrote:


Did you notice that it was class "ANY" and not type "ANY" that Paul noted?
I've never ever heard of it being used anywhere....

As for ANY query type, what do you think will happen when you query with
"ANY" to a host in a domain that is not in your local dns server cache?
And btw if it is in your dns cache, how predictable do you think such
results are going to be???

On Tue, 17 Jan 2006, Alon Tirosh wrote:

Not true,. the ANY query has mutliple uses for consolidating multiple
diagnostic queries into a single display, and also for diversion
monitoring
systems on small domains or groups of same. Not all of us have the
resources
(or time) of large ISPs behind us.

On 15 Jan 2006 17:27:40 +0000, Paul Vixie <vixie () vix com> wrote:

client xx.xx.xx.xx#6704: query: z.tn.co.za ANY ANY +E

class "ANY" has no purpose in the real world, not even for
debugging.  if
you see it in a query, you can assume malicious intent.  if you hear it
in
a query, you can safely ignore that query, or at best, map it to class
"IN".
--
Paul Vixie


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]