[dns-operations] How Stack Overflow plans to survive the next DNS attack

Jared Mauch jared at puck.nether.net
Wed Jan 11 14:24:17 UTC 2017


> On Jan 11, 2017, at 7:37 AM, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
> 
> Hi,
> 
> On Wed, Jan 11, 2017 at 12:20:37PM +0100, Stephane Bortzmeyer wrote:
>> I also note that it is is difficult (too difficult) to have several
>> DNS providers. They don't accept AXFR/IXFR so the customer is
>> locked.
> 
> It is important to note that this is not true of all such providers.
> (My employer, for one, happily speaks [A|I]XFR; they're not alone.)
> But there are some disadvantages.  Obviously, since the mechanisms for
> all the various DNS tricks is non-standard, such tricks are not
> portable across providers.  Moreover, because zone transfers work by
> getting the target server(s) to ask you for the zone, it's not exactly
> possible to "push" a change through transfer the way it is through DNS
> Update or an API call.

Many providers offer an API call to force a clean-transfer via AXFR/IXFR
today, including those that offer free services.  Seems a paid service would
have this feature.

- Jared





More information about the dns-operations mailing list