These are chat archives for CZ-NIC/knot-resolver

15th
Oct 2018
Robert Šefr
@robcza
Oct 15 2018 09:07
@pspacek sure, I was heading that direction, just wanted to make sure :)
Robert Šefr
@robcza
Oct 15 2018 09:16
We were asked recently about ANY queries and their missing implementation in kres. Kres returns NOTIMP and I'm not sure whether this could be an issue. I'm not aware of any issue with this behavior, but it is still a difference and I would like to understand the reason behind it and the possible issues that can occur.
dig any example.cz @1.1.1.1

; <<>> DiG 9.10.3-P4-Ubuntu <<>> any example.cz @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOTIMP, id: 50470
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;example.cz.            IN    ANY

;; Query time: 9 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Oct 15 11:05:57 DST 2018
;; MSG SIZE  rcvd: 39
dig any example.cz @8.8.8.8

; <<>> DiG 9.10.3-P4-Ubuntu <<>> any example.cz @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3763
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;example.cz.            IN    ANY

;; ANSWER SECTION:
example.cz.        299    IN    SOA    ns.pipni.cz. pipni.pipni.cz. 204135226 10800 1800 604800 86400
example.cz.        299    IN    MX    10 ns3.pipni.cz.
example.cz.        299    IN    MX    20 mail.example.cz.
example.cz.        299    IN    A    93.185.104.64
example.cz.        299    IN    NS    ns.pipni.cz.
example.cz.        299    IN    NS    ns2.pipni.cz.

;; Query time: 61 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Oct 15 11:02:24 DST 2018
;; MSG SIZE  rcvd: 179
Petr Špaček
@pspacek
Oct 15 2018 12:22
@robcza You do not need to worry about ANY because it was never specified and thus never worked reliably. https://tools.ietf.org/html/draft-ietf-dnsop-refuse-any-07 "fixes" the standard and formally allows resolvers to do basically anything.
Robert Šefr
@robcza
Oct 15 2018 12:23
@pspacek ok, that clears any confusion. I love these depths of DNS standards :)
Petr Špaček
@pspacek
Oct 15 2018 12:24
DNS Camel at its best ...
Robert Šefr
@robcza
Oct 15 2018 12:26
Thank you for the answer, I googled in the wrong direction.
Petr Špaček
@pspacek
Oct 15 2018 12:48
@robcza BTW I would recommend you have a look at https://labs.ripe.net/Members/bert_hubert/introducing-tdns-the-teachable-authoritative-dns-server and the documents linked from there. Do not be mistaken, the word "teachable" does not mean it is not for hardline DNS developers as well - it has nuggets of gold in it because it goes through the old RFCs and does not hesitate to point out "this 30-year-old advice is nonsense and should be ignored".