root and in-addr.arpa zone transfers

Joseph S D Yao jsdy at tux.org
Fri Sep 11 01:16:36 UTC 2009


On Thu, Sep 10, 2009 at 11:27:27AM +0200, Michael Monnerie wrote:
> On Wednesday 09 September 2009 Rich Goodson wrote:
> > zone "." {
> > zone "arpa" {
> > zone "in-addr.arpa" {
> 
> Thank you Rich, and the others. Can anyone confirm that this is the way 
> to do it? Or should I stay with ftp updates from the websites? Is there an 
> "officially supported" or "recommended" way to do this or that?


RFC 2870, "Root Name Server Operational Requirements", says:

   2.7 Root servers SHOULD NOT answer AXFR, or other zone transfer,
       queries from clients other than other root servers.  This
       restriction is intended to, among other things, prevent
       unnecessary load on the root servers as advice has been heard
       such as "To avoid having a corruptible cache, make your server a
       stealth secondary for the root zone."  The root servers MAY put
       the root zone up for ftp or other access on one or more less
       critical servers.

You may take from that what you will.  It sounds like discouragement to
me.

However, as M. Bortzmeyer has said, why do this?  I was doing it on a
smaller internet, and came back to find that transfers for "." had been
turned off [but not in-addr.arpa [???]], and lookups were slowed down
because they were looking at our local "root" first.  (It fixed itself
"by magic" when I complained, but nobody else had thought to do that.)


-- 
/*********************************************************************\
**
** Joe Yao				jsdy at tux.org - Joseph S. D. Yao
**
\*********************************************************************/



More information about the bind-users mailing list