To: Chris Yarnell <cyarnell@coredump.arc.nasa.gov>, DNSop List <dnsop@cafax.se>
From: Harald Tveit Alvestrand <Harald@Alvestrand.no>
Date: Fri, 18 Jun 1999 13:08:17 +0200
In-Reply-To: <Pine.BSF.4.10.9906171131120.11406-100000@coredump.arc.nasa.gov>
Sender: owner-dnsop@cafax.se
Subject: Re: I-D ACTION:draft-ietf-dnsop-root-opreq-00.txt

At 11:49 17.06.99 -0700, Chris Yarnell wrote:
>Hi,
>
> 2.7 Root servers MUST NOT answer AXFR, or other zone transfer,
> queries from clients other than other root servers. This
> restriction is intended to, among other things, prevent
> unnecessary load on the root servers.
>
>So, I still have some questions about this section of the draft:
>
>1) If load on the server is the driving factor for this, why is it a MUST
>and not a SHOULD? I would imagine that the operators of certain servers
>would be in a better position to decide whether they have the resources to
>allow it, or not (with a strong recommendation that they "SHOULD NOT").
>
>2) If there are other factors that require this to be a MUST, please list
>them. Security? Confidentiality? Stability? What?

From a political standpoint, I think there is an advantage to ALLOWING AXFRs;
it increases the apparent openness of the system, reassuring everyone
that how the system works is in fact a close fit to how they're told
that it works.

(It also raises the ability of the Great Unwashed to ask silly questions
like if it really matters that a certain A record occurs 24 times in
the root zone, but that's another matter).

I'd make this recommendation a MAY; unrestricted zone transfer should
probably be among the first things to go when load on a root server exceeds 5%.

(it took me 3 seconds to find out which root server does NOT block...)

Harald
--
Harald Tveit Alvestrand, Maxware, Norway
Harald.Alvestrand@maxware.no