Hey Paul,
Yes I followed that draft hence opened up the discussion in the thread and
git PR on whether SOA parser should return ARES_ENODATA instead of
ARES_EBADRESP in case of qtype ns_t_any returning 0 SOA records.
I agree with the fact that DNS providers faces several challenges of DDOS
while resolving wildcard queries and with time will become limited to
authorized clients only or no response at all. However the wildcard queries
are a great tool for debugging purpose in a large closed system and help
DevOps in many ways to figure out things quickly, the IETF proposal does
suggest one of the purpose of making the wildcard entry requests limited to
authorized clients, hence I think an implementation of the same in c-ares
will help a lot.
Currently user can parse all the records from an any query response except
SOA ones because of the logic of the soa_parser, my PR just fixes that.
Let me know your thoughts on this.
Best
Dron Rathore
On Thu, May 11, 2017 at 2:10 AM, Paul Marks <pmarks_at_google.com> wrote:
> On Fri, May 5, 2017 at 7:51 AM, Dron Rathore via c-ares
> <c-ares_at_cool.haxx.se> wrote:
> > Hi all,
> >
> > I am working on implementing a feature function which returns ns_t_any
> > response records, as c-ares doesn't have a parse_ns_t_any function I am
> > doing that by invoking individual parsers for each type of records.
> >
>
> Note that asking for T_ANY is generally a bad idea:
> - https://blog.cloudflare.com/what-happened-next-the-deprecation-of-any/
> - https://tools.ietf.org/html/draft-ietf-dnsop-refuse-any
>
Received on 2017-05-11