[dns-operations] FreeBSD and the slaving of the root zone

Paul Vixie paul at vix.com
Tue Jul 31 22:07:56 UTC 2007

> On Tue, 31 Jul 2007, Paul Vixie wrote:
> > this is a really, really, really terrible idea.
> Then why is f.root-servers.net allowing outbound AXFR of the root zone
> (which is contraindicated by RFC 2870, or if you prefer, RFC 2010)?

if f-root were the only one, i'd answer this question differently (that is,
in a way you might find useful.)  we offered axfr in the early days because
i wanted to stress test BIND.  1995 era, this was.  now it's just inertia.

the logic in 2870 escapes me.  i didn't oppose it (being off-planet at the
time) but i oppose it retroactively.  what possible harm can be done via
axfr, to anyone except the root server itself, who presumably has the means
to turn this service off at their own whim?  that is, isn't this guideline
2870 a recommendation rather than a requirement, and isn't any experienced
rootop free to ignore it, if indeed no one else would be harmed by this?

