Saw something new in DNS recently
$ dig reddit.com any
reddit.com. 3788 IN HINFO "Please stop asking for ANY" "See draft-ietf-dnsop-refuse-any"
Huh. Turns out there’s an effort afoot to refuse ANY requests. CloudFlare’s post on their reasoning is instructive. Long story short, ANY was mostly only used for debugging, not in real applications. But it’s also expensive to serve and easy to abuse, particularly in DNS amplification attacks. So out it goes.
Too bad, but I see the dismal logic of it. Chalk it up along with AXFR DNS queries and NTP’s monlist command for “why we can’t have nice things that use UDP”.
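For tooling that still sends ANY, the refusal shown above can be recognized on the wire as a lone HINFO record answering a QTYPE 255 question. The sketch below is an added example, not code from the original post; the function names are hypothetical and the response bytes are constructed to mirror the dig output.

```python
import struct

QTYPE_ANY, TYPE_HINFO = 255, 13

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n
        if n == 0:                # root label terminates the name
            return off

def char_strings(rdata):
    """Split RDATA into <character-string> fields (length byte + data)."""
    out, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        out.append(rdata[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return out

def any_refusal(msg):
    """Return the (CPU, OS) strings if msg answers an ANY question with a
    single HINFO record, else None."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if qd != 1 or an != 1:
        return None
    off = skip_name(msg, 12)
    qtype, _qclass = struct.unpack("!2H", msg[off:off + 4])
    off = skip_name(msg, off + 4)
    rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    if qtype != QTYPE_ANY or rtype != TYPE_HINFO:
        return None
    fields = char_strings(msg[off + 10:off + 10 + rdlen])
    return tuple(fields) if len(fields) == 2 else None

def sample_response(name, rtype, rdata, qtype=QTYPE_ANY):
    """Constructed response: one question, one answer using a name pointer."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!2H", qtype, 1)
    rr = struct.pack("!HHIH", rtype, 1, 3788, len(rdata)) + rdata
    return header + question + b"\xc0\x0c" + rr

# Constructed HINFO RDATA carrying the two strings from the dig output above.
HINFO_RDATA = b"".join(bytes([len(s)]) + s for s in (
    b"Please stop asking for ANY", b"See draft-ietf-dnsop-refuse-any"))
```

A monitoring script can call `any_refusal()` on each response and log which resolvers or zones have stopped serving ANY, so that debugging tooling can be switched to explicit query types.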