[dns-operations] New root AXFR service?

Paul Vixie paul at vix.com
Thu Aug 2 23:49:45 UTC 2007


Paul Vixie wrote:
> some kind of AXFR-only service seems indicated.  we could put one
> up on 192.5.5.242 in a few days if IANA asked for it.  (that's F+1
> as IP addresses go.)

Doug Barton <dougb at dougbarton.us> wrote:
> It should come as no surprise that I think this is a great idea.

i have since reconsidered.  the session descriptor logic in RFC 1035 makes
TCP/53 a very fragile service, suitable for DNS QUERY from unpredictable
parties or for DNS AXFR from predictable parties but not for DNS AXFR from
unpredictable parties.

> Do you actually need David to make a formal request? Or is this
> something you would consider doing if enough community members said
> that it sounds like a good idea? (And no, the irony of that question
> coming from me is not lost.)

i think that in the best of all possible worlds, somebody would write an RFC
and IANA would solicit volunteers and ISC would certainly be a volunteer.  but
the RFC would either have to specify that the descriptor pool for AXFR-only
is "don't drop old sessions unless they time out, even if it means ignoring
new TCP SYNs", or it would specify RSYNC or some other protocol for transport.
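
Added example, not part of the original message or of any ISC or BIND code: a toy model of a fixed-size TCP/53 descriptor pool that compares dropping the oldest session to admit a new connection against the "don't drop old sessions unless they time out" rule described above. The function, the policy names, the tick-based timing, the age-based timeout and the sample arrivals are all constructed assumptions.

```python
from collections import OrderedDict

def simulate(arrivals, slots, policy, timeout=None):
    """Toy TCP/53 descriptor pool. arrivals: (tick, name, ticks_needed).
    policy: "recycle_oldest" or "hold". Returns (completed, aborted, refused)."""
    pool = OrderedDict()        # name -> [ticks_left, opened_at], oldest first
    completed, aborted, refused = [], [], []
    pending = sorted(arrivals)
    tick = 0
    while pending or pool:
        # A session that has been open for `timeout` ticks is dropped.
        if timeout is not None:
            for name in [n for n, (_, t0) in pool.items() if tick - t0 >= timeout]:
                del pool[name]
                aborted.append(name)
        # Admit this tick's new connections according to the pool policy.
        while pending and pending[0][0] <= tick:
            _, name, need = pending.pop(0)
            if len(pool) >= slots:
                if policy == "recycle_oldest":
                    victim, _ = pool.popitem(last=False)  # oldest session loses its slot
                    aborted.append(victim)
                else:                                     # "hold": the new SYN is ignored
                    refused.append(name)
                    continue
            pool[name] = [need, tick]
        # Every open session gets one tick of service.
        for name in list(pool):
            pool[name][0] -= 1
            if pool[name][0] <= 0:
                del pool[name]
                completed.append(name)
        tick += 1
    return completed, aborted, refused

# Constructed workload: two long zone transfers, then three short queries.
ARRIVALS = [(0, "axfr-a", 5), (0, "axfr-b", 5),
            (1, "q1", 1), (1, "q2", 1), (2, "q3", 1)]

if __name__ == "__main__":
    for policy in ("recycle_oldest", "hold"):
        done, cut, ignored = simulate(ARRIVALS, slots=2, policy=policy)
        print(f"{policy}: completed={done} aborted={cut} refused={ignored}")
```

With two slots, the recycling pool completes every short query but neither transfer, while the holding pool completes both transfers and ignores the queries that arrive in the meantime.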

