Deprecate DNS ANY with Unbound

A quick patch for Unbound to either drop or reject DNS ANY queries which are used pretty much only for DNS reflection attacks.

diff --git a/daemon/worker.c b/daemon/worker.c
index c90a659..9630fec 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -851,6 +851,14 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
                addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip));
                log_nametypeclass(0, ip, qinfo.qname, qinfo.qtype, qinfo.qclass);
        }
+       if(qinfo.qtype == LDNS_RR_TYPE_ANY) {
+               verbose(VERB_ALGO, "worker request: dropped ANY query.");
+               log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
+               comm_point_drop_reply(repinfo);
+               if(worker->stats.extended)
+                       worker->stats.unwanted_queries++;
+               return 0;
+       }
        if(qinfo.qtype == LDNS_RR_TYPE_AXFR ||
                qinfo.qtype == LDNS_RR_TYPE_IXFR) {
                verbose(VERB_ALGO, "worker request: refused zone transfer.");
diff --git a/daemon/worker.c b/daemon/worker.c
index c90a659..141bbab 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -851,6 +851,16 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
                addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip));
                log_nametypeclass(0, ip, qinfo.qname, qinfo.qtype, qinfo.qclass);
        }
+       if(qinfo.qtype == LDNS_RR_TYPE_ANY) {
+               verbose(VERB_ALGO, "worker request: refused ANY query as not implemented.");
+               log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
+               sldns_buffer_rewind(c->buffer);
+               LDNS_QR_SET(sldns_buffer_begin(c->buffer));
+               LDNS_RCODE_SET(sldns_buffer_begin(c->buffer),
+                       LDNS_RCODE_NOTIMPL);
+               server_stats_insrcode(&worker->stats, c->buffer);
+               goto send_reply;
+       }
        if(qinfo.qtype == LDNS_RR_TYPE_AXFR ||
                qinfo.qtype == LDNS_RR_TYPE_IXFR) {
                verbose(VERB_ALGO, "worker request: refused zone transfer.");

Tested with trunk@3587.