To:
Chris Yarnell <cyarnell@coredump.arc.nasa.gov>, DNSop List <dnsop@cafax.se>
From:
Harald Tveit Alvestrand <Harald@Alvestrand.no>
Date:
Fri, 18 Jun 1999 13:08:17 +0200
In-Reply-To:
<Pine.BSF.4.10.9906171131120.11406-100000@coredump.arc.nasa.gov>
Sender:
owner-dnsop@cafax.se
Subject:
Re: I-D ACTION:draft-ietf-dnsop-root-opreq-00.txt
At 11:49 17.06.99 -0700, Chris Yarnell wrote:
>Hi,
>
>   2.7 Root servers MUST NOT answer AXFR, or other zone transfer,
>       queries from clients other than other root servers. This
>       restriction is intended to, among other things, prevent
>       unnecessary load on the root servers.
>
>So, I still have some questions about this section of the draft:
>
>1) If load on the server is the driving factor for this, why is it a MUST
>and not a SHOULD ? I would imagine that the operators of certain servers
>would be in a better position to decide whether they have the resources to
>allow it, or not (with a strong recommendation that they "SHOULD NOT".
>
>2) If there are other factors that require this to be a MUST, please list
>them. Security? Confidentiality? Stability? What?

From a political standpoint, I think there is an advantage to ALLOWING
AXFRs; it increases the apparent openness of the system, reassuring
everyone that how the system works is in fact a close fit to how they're
told that it works.

(It also raises the ability of the Great Unwashed to ask silly questions
like if it really matters that a certain A record occurs 24 times in the
root zone, but that's another matter).

I'd make this recommendation a MAY; unrestricted zone transfer should
probably be among the first things to go when load on a rootserver
exceeds 5%.

(it took me 3 seconds to find out which root server does NOT block...)

                 Harald

--
Harald Tveit Alvestrand, Maxware, Norway
Harald.Alvestrand@maxware.no