[dns-operations] chrome's 10 character QNAMEs to detect NXDOMAIN rewriting
SM
sm at resistor.net
Wed Nov 27 08:10:05 UTC 2013
Hi Damian,
At 18:17 26-11-2013, Damian Menscher wrote:
>Back to solving the problem of traffic at the roots, I've always
>been curious why recursive resolvers don't just AXFR the root zone
>file and cache the list of TLDs. Yes,
From some RFC:
"Root servers SHOULD NOT answer AXFR, or other zone transfer,
queries from clients other than other root servers. This
restriction is intended to, among other things, prevent
unnecessary load on the root servers as advice has been heard
such as "To avoid having a corruptible cache, make your server a
stealth secondary for the root zone." The root servers MAY put
the root zone up for ftp or other access on one or more less
critical servers."
Some root servers allow AXFR; some do not allow AXFR.
Regards,
-sm
More information about the dns-operations
mailing list