[dns-operations] AXFR "policy"
sm at resistor.net
Fri Mar 25 16:28:56 UTC 2011
At 02:07 25-03-2011, Jim Reid wrote:
>On 24 Mar 2011, at 22:48, Simon Munton wrote:
>>As a matter of interest, why do you make it available for public
>>AXFR on all name servers if you don't want people to use it?
>Just because a zone happens to be available for AXFR does not mean
>it's acceptable to take a copy, load into other name servers and then

As the discussion seems to be getting into AXFR "policy", one of the
paragraphs from File No. 09-05-C-01660, District Court, County of
Cass, North Dakota provides one view of the non-operational aspect:

"The intended purpose of a zone transfer is primarily one of redundancy.
Zone transfers are the means by which a primary authoritative domain
name server copies the domain structure to a secondary domain name
server for the purpose of redundancy. Generally, both of the servers
pertain to the same domain. In all intended use of a zone transfer, the
secondary server is operated by the same party that operates the primary
server. A secondary intended purpose for the zone transfers is to permit
trouble shooting in which case zone transfers may sometimes be undertaken
via the manually conducted host-l command. In those instances, however,
the person conducting the diagnosis acts with the authorization of the
operator of the system and is usually the network administrator of the

The question of AXFR access to a zone is also discussed in RFC 5936.

It would be better to ask the zone administrator if you would like to
know why public AXFR is available for the zone. If you want to use
the information, it would be easier for all the parties involved if
the question included an "is it acceptable for me to use it for X".