Re: Comcast residential DNS contact

[Brian Rak <brak () gameservers com>]

Shouldn't everyone be on IPv6 these days anyway ;)

On 12/3/2014 10:28 AM, Jared Mauch wrote:
> So have A record queries. Do you filter those as well?
>
> Jared Mauch
>
> > On Dec 3, 2014, at 9:08 AM, Stephen Satchell <list () satchell net> wrote:
> >
> > > On 12/03/2014 04:04 AM, Niels Bakker wrote:
> > > * shortdudey123 () gmail com (Grant Ridder) [Wed 03 Dec 2014, 12:54 CET]:
> > > > Both of Google’s public DNS servers return complete results every time
> > > > and one of the two comcast ones works fine.
> > > >
> > > > If this is working by design, can you provide the RFC with that info?
> > > An ANY query will typically return only what's already in the cache.  So
> > > if you ask for MX records first and then query the same caching resolver
> > > for ANY it won't return, say, any TXT records that may be present at the
> > > authoritative nameserver.
> > >
> > > This could be implementation dependent, but Comcast's isn't wrong, and
> > > you should not rely on ANY queries returning full data.  This has been
> > > hashed out to tears in the past, for example when qm**l used to do these
> > > queries in an attempt to optimise DNS query volumes and RTT.
> > At the ISP I consult to, I filter all ANY queries, because they have
> > been used for DNS amplification attacks.