[nsd-users] NSD and RFC 8482 (ANY queries)

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Dec 19 15:37:17 UTC 2018


Internet Draft draft-ietf-dnsop-refuse-any-07, soon RFC 8482, claims
that "An implementation of the subset-mode response to ANY queries was
implemented in NSD 4.1 in 2016." It is not clear to me how it is
implemented. I see in the code:

	if(q->qtype == TYPE_ANY && nsd->options->refuse_any && !q->tcp) {
		TC_SET(q->packet);
		return query_error(q, NSD_RC_OK);
	}

and in the documentation:

.B refuse\-any:\fR <yes or no>
Refuse queries of type ANY.  This is useful to stop query floods trying
to get large responses.  Note that rrl ratelimiting also has type ANY as
a ratelimiting type.  It sends truncation in response to UDP type ANY queries,
and it allows TCP type ANY queries like normal.
The default is no.

Code and documentation seem to agree. But sending TC is not one of the
three possibilities accepted by the RFC when you don't like ANY (the
future RFC says the opposite: "the TC bit SHOULD NOT be set on the
response"). Am I right in this assessment? Is there a plan to adapt NSD
to the RFC?
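
An added example, not part of the original post and not NSD code: a small checker that parses a DNS response to a UDP ANY query and reports whether the server set TC (the refuse-any behaviour quoted above) or answered without truncation. The function names, the labels and the sample packets are constructed for illustration; the synthesized HINFO convention (CPU field "RFC8482") is taken from RFC 8482 section 4.2, not from the post.

```python
import struct

TYPE_A, TYPE_HINFO, TYPE_ANY = 1, 13, 255
FLAG_TC = 0x0200

def build_response(tc, answers):
    """Constructed sample: a reply to 'example. IN ANY' carrying (type, rdata) answers."""
    flags = 0x8400 | (FLAG_TC if tc else 0)          # QR + AA, optionally TC
    msg = struct.pack("!6H", 0x1234, flags, 1, len(answers), 0, 0)
    msg += b"\x07example\x00" + struct.pack("!2H", TYPE_ANY, 1)
    for rtype, rdata in answers:
        # Owner name is a compression pointer to the question name at offset 12.
        msg += b"\xc0\x0c" + struct.pack("!2HIH", rtype, 1, 3600, len(rdata)) + rdata
    return msg

def skip_name(msg, off):
    """Return the offset just past the domain name starting at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:                    # compression pointer ends the name
            return off + 2
        off += 1 + length

def classify_any_response(msg):
    """Label how a server answered a UDP ANY query (labels are this example's own)."""
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    if flags & FLAG_TC:
        return "tc-set"                              # the refuse-any behaviour quoted above
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4                # skip QTYPE and QCLASS
    records = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!2HIH", msg, off)
        records.append((rtype, msg[off + 10:off + 10 + rdlen]))
        off += 10 + rdlen
    if len(records) == 1 and records[0][0] == TYPE_HINFO:
        rdata = records[0][1]
        cpu = rdata[1:1 + rdata[0]] if rdata else b""   # first character-string is CPU
        return "synthesized-hinfo" if cpu == b"RFC8482" else "rrsets"
    return "rrsets" if records else "empty"

if __name__ == "__main__":
    print(classify_any_response(build_response(True, [])))
    print(classify_any_response(build_response(False, [(TYPE_HINFO, b"\x07RFC8482\x00")])))
```

The "rrsets" label covers both a subset answer and a full ANY answer, since the two cannot be told apart from a single response. Truncated or malformed input raises IndexError or struct.error rather than being classified.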
