[dns-operations] Recommended zone serial number format for over 100 changes / day

Mark Andrews marka at isc.org
Sat Apr 2 04:04:45 UTC 2016


In message <CAAF6GDdmvK9L2JJyQiGvNDVtuPorxds2ANfZkd+KhHqZjCNutg at mail.gmail.com>
, Colm MacCárthaigh writes:
> 
> On Fri, Apr 1, 2016 at 9:42 AM, Andrew Sullivan <ajs at anvilwalrusden.com>
> wrote:
> 
> > On Fri, Apr 01, 2016 at 09:11:36AM -0700, Robert wrote:
> >
> > > attempt to send notifies, how would you want things that aren't
> > > supported in native BIND represented in the AXFR?  For example, Alias,
> > > LBR, Geo, and WRR (to name just a few) don't have record types in
> > > native BIND - what would that look like in an AXFR?
> >
> > Apart from the point about some of them not actually being RRs, if
> > they _are_ RRs, they'll transfer just fine.  They're merely treated as
> > unknown RRTYPEs, like everywhere else.
> >
> 
> It's a really bad idea to accept unknown RRTYPEs. RRTYPEs have been defined
> in backwards incompatible ways in the past - such as DNAME having a
> side-effect of occluding below the DNAME cut.

So you would prefer to block adding new RRs, most of which are just
more data, on the chance that we may add one that adds a record with
a new side effect?

The solution to this is for the authoritative server to refuse a
zone transfer unless the EDNS version of the IXFR/AXFR request meets
the minimum EDNS version that supports the required functionality,
or to require that a particular EDNS option is present in the IXFR/AXFR
request, if we ever add such a record in the future.

Block the exception not the norm.

Mark

> -- 
> Colm
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
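
Added example, not part of the original message and not ISC or BIND code: one way to express the gate described above, reading the OPT record of an IXFR/AXFR request and refusing the transfer when the EDNS version or a required option is missing. The function names and the policy values a caller passes (for instance minimum version 1, or option code 65001 from the local/experimental range) are hypothetical placeholders; no such requirement exists today.

```python
import struct

OPT, AXFR, IXFR = 41, 252, 251            # RR type and QTYPE code points

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)   # pointer is 2 bytes, root label 1

def edns_info(msg):
    """Return (qtype, EDNS version or None, set of EDNS option codes)."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off, qtype, version, options = 12, None, None, set()
    for _ in range(qd):
        off = skip_name(msg, off)
        qtype, _qclass = struct.unpack_from("!HH", msg, off)
        off += 4
    for _ in range(an + ns + ar):         # IXFR carries an SOA before the OPT
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == OPT:
            version = (ttl >> 16) & 0xFF  # OPT TTL = ext-rcode|version|flags
            p, end = off, off + rdlen
            while p + 4 <= end:           # walk (code, length, data) triples
                code, olen = struct.unpack_from("!HH", msg, p)
                options.add(code)
                p += 4 + olen
        off += rdlen
    return qtype, version, options

# min_version and required_option are hypothetical per-zone policy inputs.
def transfer_allowed(msg, min_version=None, required_option=None):
    """False means: refuse the IXFR/AXFR instead of sending zone data."""
    try:
        qtype, version, options = edns_info(msg)
    except (struct.error, IndexError):
        return False                      # malformed request: fail closed
    if qtype not in (AXFR, IXFR):
        return True                       # the gate only covers transfers
    if min_version is not None and (version is None or version < min_version):
        return False
    return required_option is None or required_option in options

# Constructed sample (not captured): AXFR query for example.com, OPT v0.
SAMPLE_AXFR_V0 = bytes.fromhex(
    "1234 0000 0001 0000 0000 0001" "076578616d706c6503636f6d00 00fc 0001"
    "00 0029 1000 00000000 0000")
```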


