[dns-operations] NSEC3PARAM change strange behaviour
Misak Khachatryan
kmisak at gmail.com
Thu Oct 12 12:36:35 UTC 2023
Thank you Petr and Mark for very useful comments.
Seems specifying the right max-ixfr-ratio should secure us from this
undesired behavior. Another option that my colleague suggested is to limit
journal size.
Best regards,
Misak Khachatryan
On Thu, Oct 12, 2023 at 3:35 PM Petr Špaček <pspacek at isc.org> wrote:
> On 12. 10. 23 13:09, Misak Khachatryan wrote:
> > Thank you Viktor,
> >
> > In logs I see IXFR, which should be a case. This brings me to question
> > to bind developers - shouldn't a change of dnssec-policy or at least
> > such destructive ones automatically trigger AXFR?
> >
> > Of course it's not a question to be asked here, I will check the
> > documentation of bind and ask it in the appropriate mailing list.
>
> Just to close the loop, you can configure "max-ixfr-ratio" option. See
>
> https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-max-ixfr-ratio
>
> Please send further questions to mailing list
> https://lists.isc.org/mailman/listinfo/bind-users
>
> --
> Petr Špaček
> Internet Systems Consortium
>
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20231012/f44c76b6/attachment.html>
More information about the dns-operations
mailing list