[dns-operations] Fixing the "infinite AXFR" security issue (Was: DNS activities in Japan
Mark Andrews
marka at isc.org
Thu Jul 7 07:58:08 UTC 2016
In message <20160707070026.GA1915 at nic.fr>, Stephane Bortzmeyer writes:
> On Thu, Jul 07, 2016 at 08:35:26AM +1000,
> Mark Andrews <marka at isc.org> wrote
> a message of 42 lines which said:
>
> > And 1G is too small for some zones.
>
> We are just concerned about the *default* value. IMHO, it must be low,
> to address the "ordinary" zone. People who manage zones > 1G are
> typically professionnals, who can read the FM and change the default
> value.
People who slave their own zones don't need this at all. This is
something for a very small proportion of the DNS world where they
usually have professionals who can add these limits if needed.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list