To:
DNSop List <dnsop@cafax.se>
From:
Chris Yarnell <cyarnell@coredump.arc.nasa.gov>
Date:
Thu, 17 Jun 1999 11:49:49 -0700 (PDT)
Sender:
owner-dnsop@cafax.se
Subject:
Re: I-D ACTION:draft-ietf-dnsop-root-opreq-00.txt
Hi,
2.7 Root servers MUST NOT answer AXFR, or other zone transfer,
queries from clients other than other root servers. This
restriction is intended to, among other things, prevent
unnecessary load on the root servers.
So, I still have some questions about this section of the draft:
1) If load on the server is the driving factor for this, why is it a MUST
and not a SHOULD ? I would imagine that the operators of certain servers
would be in a better position to decide whether they have the resources to
allow it, or not (with a strong recommendation that they "SHOULD NOT".
2) If there are other factors that require this to be a MUST, please list
them. Security? Confidentiality? Stability? What?
Note that we have disallowed AXFR at E for several years, so we are not
looking to 'get around' this being a MUST for our own sake.
I just don't think we should be dancing around this. If people want to
codify a requirement that root servers disallow AXFR's for zones, the
technical reasoning for such a requirement should be included..
Perhaps if you could explain your thinking, it'd make better sense to me.
Tnx.