root and zone transfers

Joseph S D Yao jsdy at
Fri Sep 11 01:16:36 UTC 2009

On Thu, Sep 10, 2009 at 11:27:27AM +0200, Michael Monnerie wrote:
> On Mittwoch 09 September 2009 Rich Goodson wrote:
> > zone "." {
> > zone "arpa" {
> > zone "" {
> Thank you Rich, and the others. Can anyone confirm that this is the way 
> to do? Or should I stay with ftp updates from the websites? Is there an 
> "officially supported" or "recommended" way to do this or that?

RFC 2870, "Root Name Server Operational Requirements", says:

   2.7 Root servers SHOULD NOT answer AXFR, or other zone transfer,
       queries from clients other than other root servers.  This
       restriction is intended to, among other things, prevent
       unnecessary load on the root servers as advice has been heard
       such as "To avoid having a corruptible cache, make your server a
       stealth secondary for the root zone."  The root servers MAY put
       the root zone up for ftp or other access on one or more less
       critical servers.

You may take from that what you will.  It sounds like discouragement to

However, as M. Bortzmeyer has said, why do this?  I was doing it on a
smaller internet, and came back to find that transfers for "." had been
turned off [but not [???]], and lookups were slowed down
because they were looking at our local "root" first.  (It fixed itself
"by magic" when I complained, but nobody else had thought to do that.)

** Joe Yao				jsdy at - Joseph S. D. Yao

More information about the bind-users mailing list