[dns-operations] Fixing the "infinite AXFR" security issue (Was: DNS activities in Japan

Mark Andrews marka at isc.org
Thu Jul 7 07:58:08 UTC 2016

In message <20160707070026.GA1915 at nic.fr>, Stephane Bortzmeyer writes:
> On Thu, Jul 07, 2016 at 08:35:26AM +1000,
>  Mark Andrews <marka at isc.org> wrote 
>  a message of 42 lines which said:
> > And 1G is too small for some zones.
> We are just concerned about the *default* value. IMHO, it must be low,
> to address the "ordinary" zone. People who manage zones > 1G are
> typically professionnals, who can read the FM and change the default
> value.

People who slave their own zones don't need this at all.  This is
something for a very small proportion of the DNS world where they
usually have professionals who can add these limits if needed.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the dns-operations mailing list