SwimMaster

Reputation: 381

DNS request on google.com. and QTYPE=0xff returns no entries

I've written my own DNS request client but I'm having some interesting behavior.

If I send the request with the QTYPE section = 0xff, I get a valid response however with no entries.

My Request:
0x70 0x3c 0x1 0x0 0x0 0x1 0x0 0x0 0x0 0x0 0x0 0x0 0x6 0x67 0x6f 0x6f 0x67 0x6c 0x65 0x3 0x63 0x6f 0x6d 0x0 0x0 0xff 0x0 0x1 

Response: id=24729 query=google.com. answers=[] nameservers=[] additionals=[]
RAW:
0x60  0x99  0x83  0x80  0x0  0x1  0x0  0x0  0x0  0x0  0x0  0x0  0x6  0x67  0x6f  0x6f  0x67  0x6c  0x65  0x3  0x63  0x6f  0x6d  0x0  0x0  0xff  0x0  0x1 

However if I change the QTYPE to 0x01, then I get entries

Response: id=5496 query=google.com. answers=[A: name=. ttl=235 address=/172.217.4.174] nameservers=[] additionals=[]
0x15  0x78  0x81  0x80  0x0  0x1  0x0  0x1  0x0  0x0  0x0  0x0  0x6  0x67  0x6f  0x6f  0x67  0x6c  0x65  0x3  0x63  0x6f  0x6d  0x0  0x0  0x1  0x0  0x1  0xc0  0xc  0x0  0x1  0x0  0x1  0x0  0x0  0x0  0xeb  0x0  0x4  0xac  0xd9  0x4  0xae 

I would expect 0xff to return at least something considering it's labeled in the RFC as "A request for all records". I'm very new to networking, so if someone can help me determine why this is correct behavior that would be greatly appreciated.

RFC for reference

QTYPE=0xff is All entries

QTYPE=0x01 is A host address

Upvotes: 0

Views: 189

Answers (1)

Steffen Ullrich

Reputation: 123375

The answer depends on which server you ask:

  • With 8.8.8.8 you get no records back but the response flags clearly say "Message is truncated". This is because the response does not fit in the 512 byte limit of a normal DNS response. Checking with dig any ... shows a response size of 649 bytes instead. This means that you would need to use TCP instead or try with EDNS to signal that you support larger answers - see RFC 6891 4.3. Switching to TCP for this request returns the full response.
  • With 1.1.1.1 you also get no records back but the response flags instead say "Not implemented". This means that 1.1.1.1 is unwilling to answer your ANY request, likely for security reasons since big responses to small requests can be used for amplification attacks. Trying with TCP returns the same result "Not implemented".

Upvotes: 3
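
The two cases in the answer can be read directly from the header flags of the raw responses. The following is an added example, not code from the question or the answer: it decodes the two responses posted in the question, plus a constructed "Not implemented" response (NOTIMP_RESPONSE is sample data, not captured from 1.1.1.1), and reports what a client should do next.

```python
import struct

# Raw responses copied from the question (QTYPE=0xff, then QTYPE=0x01).
ANY_RESPONSE = bytes.fromhex(
    "6099 8380 0001 0000 0000 0000 06676f6f676c6503636f6d00 00ff 0001")
A_RESPONSE = bytes.fromhex(
    "1578 8180 0001 0001 0000 0000 06676f6f676c6503636f6d00 0001 0001"
    "c00c 0001 0001 000000eb 0004 acd904ae")
# Constructed sample: same question, RCODE=4, no records (not a real capture).
NOTIMP_RESPONSE = bytes.fromhex(
    "1234 8184 0001 0000 0000 0000 06676f6f676c6503636f6d00 00ff 0001")

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def parse_header(msg):
    """Decode the fixed 12-byte DNS header (RFC 1035 section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),   # 1 = response
        "tc": bool(flags & 0x0200),   # 1 = message was truncated
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": an,
    }

def next_step(msg):
    """Say why a response is empty and what the client should do about it."""
    h = parse_header(msg)
    if not h["qr"]:
        return "not a response"
    if h["tc"]:
        # Answer exceeded the plain UDP size limit; counts may be zero.
        return "truncated: retry over TCP or with EDNS"
    if h["rcode"] != "NOERROR":
        # Retrying over TCP will not help; the server declines the query.
        return "server returned " + h["rcode"]
    return "complete: %d answer(s)" % h["answers"]

if __name__ == "__main__":
    for name, msg in [("ANY", ANY_RESPONSE), ("A", A_RESPONSE),
                      ("ANY (constructed)", NOTIMP_RESPONSE)]:
        print(name, parse_header(msg), "->", next_step(msg))
```

A client that only looks at the answer count treats both empty cases the same; checking TC and RCODE first distinguishes "ask again over TCP" from "this server will not answer ANY".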
