We were unable to load Disqus. If you are a moderator please see our troubleshooting guide.

Doug Mehus • 5 years ago

From what I've read, this seems reasonable. I can't say as I can think of a practical time when I've needed to use an ANY query, as an end user. In terms of looking up a domain name's zone file, I can still this with nslookup tools, so that shouldn't be an issue.

Cheers,
Doug

Daniel Roc • 4 years ago

Let's say i wanna create a firewall rule to my network based on all ip address poiting to a dns entry, lets say server.mydomain.com, where server are recorded as 10.0.0.1, 10.0.0.2, 10.0.0.3. If you disable any, how should I query for thoses ip then?

eastdakota • 4 years ago

If they're all the same type of record, then querying for that record will return all the results. For instance, cloudflare.com is associated with two A Records. Using the Unix dig command you can query:

dig a cloudflare.com

;; ANSWER SECTION:
cloudflare.com. 221 IN A 104.17.176.85
cloudflare.com. 221 IN A 104.17.175.85

The point of ANY was to return any record that is stored in a particular resolver at a point in time, not bounded by record type. It returned unpredictable results depending on the resolver you queried because each resolver would have different sets of records. If you're trying to do what you describe, it's better to query for the specific record type and you'll get back all the responses.

Pardon Pierre-E • 5 years ago

Hi Cloudflare internet's gods,
As a lazy guy, I am using the ANY query in order to quickly check a zone for it health. What is the new way to do it ? for troubleshoting...
Query the SOA, NS etc ? Did I say I am lazy ? :)
Kind regards

Marek • 5 years ago

On zones you own/host you can still continue using ANY. All the RFC does, is to clarify that the effect of ANY query is pretty much undefined from the standards point of view.

You can totally do multiple queries to verify what you need.

Александр Федотов • 3 years ago

You can still ask for any RRs... It will even more problematic for servers. Ha. But yes, DDOS protection that ANY creates is problematic.

monokrome • 5 years ago

This is exciting! DNS ANY has also caused a number of security issues historically, so happy to see it gone :D

Steven • 5 years ago

What do qmail users do with this information?

Marek • 5 years ago

Nothing! proposed solution - HINFO - is backwards compatible! Qmail will work fine.

Ernst Adams Olivier • 5 years ago

Thanks again Cloudflare for your hard work.