

To: Harald@Alvestrand.no (Harald Tveit Alvestrand)
Cc: cyarnell@coredump.arc.nasa.gov (Chris Yarnell), dnsop@cafax.se (DNSop List)
From: Bill Manning <bmanning@ISI.EDU>
Date: Fri, 18 Jun 1999 05:24:16 -0700 (PDT)
In-Reply-To: <4.2.0.56.19990618130131.00d603b0@dokka.maxware.no> from "Harald Tveit Alvestrand" at Jun 18, 1999 01:08:17 PM
Sender: owner-dnsop@cafax.se
Subject: Re: I-D ACTION:draft-ietf-dnsop-root-opreq-00.txt

> 
> At 11:49 17.06.99 -0700, Chris Yarnell wrote:
> >Hi,
> >
> >    2.7 Root servers MUST NOT answer AXFR, or other zone transfer,
> >        queries from clients other than other root servers.  This
> >        restriction is intended to, among other things, prevent
> >        unnecessary load on the root servers.
> >
> >So, I still have some questions about this section of the draft:
> >
> >1) If load on the server is the driving factor for this, why is it a MUST
> >and not a SHOULD ?  I would imagine that the operators of certain servers
> >would be in a better position to decide whether they have the resources to
> >allow it, or not (with a strong recommendation that they "SHOULD NOT").
> >
> >2) If there are other factors that require this to be a MUST, please list
> >them.  Security?  Confidentiality?  Stability?  What?
> 
>  From a political standpoint, I think there is an advantage to ALLOWING AXFRs;
> it increases the apparent openness of the system, reassuring everyone
> that how the system works is in fact a close fit to how they're told
> that it works.
> 
> (It also raises the ability of the Great Unwashed to ask silly questions
> like if it really matters that a certain A record occurs 24 times in
> the root zone, but that's another matter).
> 
> I'd make this recommendation a MAY; unrestricted zone transfer should
> probably be among the first things to go when load on a rootserver exceeds 5%.
> 
> (it took me 3 seconds to find out which root server does NOT block...)
> 
>                  Harald
> Harald Tveit Alvestrand, Maxware, Norway
> Harald.Alvestrand@maxware.no


	I get the feeling that the presumption here is that the same
	servers that serve root also serve TLDs and that the issues
	on loading/axfr etc. would only apply to those systems where
	these two were still mixed.  If one looks at those systems
	which just offer the root zone, this argument seems a red
	herring. There isn't all that much data in the root and
	it's not all that interesting nor does it change with the
	frequency of some other zones. If this statement must stay
	in, then MAY is likely the best choice.


--bill
