Brussels / 1 & 2 February 2020


The Different Ways of Minimizing ANY

The DNS protocol has features that have grown to become liabilities. The query type "ANY" is one. An RFC published earlier this year describes how a DNS server may respond to such queries while reducing the liability. But the document does not define a definitive means for a server to signal that it is differing from the original protocol. This presentation measures the impact of having no definitive means specified and examines the "fear, uncertainty, and doubt" of lacking explicit signals.

The "minimal ANY responses" RFC (Providing Minimal-Sized Responses to DNS Queries That Have QTYPE=ANY, a.k.a. RFC 8482) results in about 1% of the TLD nameservers indicating they are minimizing ANY responses. That's (only) about 250 cases. What is troubling is that about 9 different responses have been observed to indicate that the response is "minimized": 9 different ways in just 250 samples, "fuzzing" the protocol. The moral of this tale is that "fuzzing" the protocol is worrisome. (Not that minimizing ANY is a bad thing.)
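An added example, not code from the talk: a sketch of the heuristic a measurement client is left with when the only hint of minimization is the content of the answer. It relies on the RFC 8482 recommendation that a synthesized HINFO record carry "RFC8482" in its CPU field; the function names, the three labels and the sample messages are constructed for illustration and are not the nine variants the talk reports.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:          # compression pointer ends the name
            return off + 2
        off += 1 + n
        if n == 0:                    # root label ends the name
            return off

def char_strings(rdata):
    """Split RDATA into its length-prefixed <character-string> fields."""
    out, i = [], 0
    while i < len(rdata):
        out.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace"))
        i += 1 + rdata[i]
    return out

def classify_any_response(msg):
    """Label what a response to QTYPE=ANY signals to a measurement client."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4             # skip QTYPE and QCLASS
    types, hinfo = [], None
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 13:                           # HINFO
            hinfo = char_strings(msg[off:off + rdlen])
        types.append(rtype)
        off += rdlen
    if types == [13] and hinfo and hinfo[0] == "RFC8482":
        return "hinfo-rfc8482"                    # text RFC 8482 recommends
    if types == [13]:
        return "hinfo-other-text"                 # HINFO, operator's own text
    return "no-explicit-signal"                   # subset or full answer

def sample_response(rtype, rdata):
    """Constructed sample: one-answer response to 'example. ANY IN'."""
    head = struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0)
    question = b"\x07example\x00" + struct.pack("!HH", 255, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata
    return head + question + rr
```

A response that returns a single real RRset falls into "no-explicit-signal" because nothing in the message distinguishes a minimized answer from a complete one.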


Edward Lewis