[dns-operations] chrome's 10 character QNAMEs to detect NXDOMAIN rewriting

SM sm at resistor.net
Wed Nov 27 08:10:05 UTC 2013

Hi Damian,
At 18:17 26-11-2013, Damian Menscher wrote:
>Back to solving the problem of traffic at the roots, I've always 
>been curious why recursive resolvers don't just AXFR the root zone 
>file and cache the list of TLDs.  Yes,

 From some RFC:

   "Root servers SHOULD NOT answer AXFR, or other zone transfer,
    queries from clients other than other root servers.  This
    restriction is intended to, among other things, prevent
    unnecessary load on the root servers as advice has been heard
    such as "To avoid having a corruptible cache, make your server a
    stealth secondary for the root zone."  The root servers MAY put
    the root zone up for ftp or other access on one or more less
    critical servers."

Some root servers allow AXFR; some do not allow AXFR.


More information about the dns-operations mailing list