[dns-operations] Recommended zone serial number format for over 100 changes / day

Andrew Sullivan ajs at anvilwalrusden.com
Sat Apr 2 20:42:17 UTC 2016

On Fri, Apr 01, 2016 at 03:56:08PM -0700, Colm MacCárthaigh wrote:
> It's a really bad idea to accept unknown RRTYPEs. RRTYPEs have been defined
> in backwards incompatible ways in the past - such as DNAME having a
> side-effect of occluding below the DNAME cut.

Apart from the (quite correct) point that Mark Andrews makes, I think
the above argument is also wrong on operational grounds.  Suppose that
the zone master has updated with some new RRTYPE that does something
funky.  That breaks some resolution path in some way.

If I as the slave reject the unknown RRTYPE at that point, then I have
to fail the zone transfer.  Now, the zone is broken compared to what
the zone administrator wanted in two ways.  On the master, there's
some occlusion or something that makes some names break.  On the
slave, the zone is not up to date and will eventually fail because of
the inability to transfer.  I don't see how rejecting a zone transfer
helps in this case.

Now, if you're saying that you shouldn't put a DNS RR in your zone
unless you know how it works and what it's going to do, with that I


Andrew Sullivan
ajs at anvilwalrusden.com

More information about the dns-operations mailing list