[dns-operations] How Stack Overflow plans to survive the next DNS attack
Jared Mauch
jared at puck.nether.net
Wed Jan 11 14:24:17 UTC 2017
> On Jan 11, 2017, at 7:37 AM, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
>
> Hi,
>
> On Wed, Jan 11, 2017 at 12:20:37PM +0100, Stephane Bortzmeyer wrote:
>> I also note that it is is difficult (too difficult) to have several
>> DNS providers. They don't accept AXFR/IXFR so the customer is
>> locked.
>
> It is important to note that this is not true of all such providers.
> (My employer, for one, happily speaks [A|I]XFR; they're not alone.)
> But there are some disadvantages. Obviously, since the mechanisms for
> all the various DNS tricks is non-standard, such tricks are not
> portable across providers. Moreover, because zone transfers work by
> getting the target server(s) to ask you for the zone, it's not exactly
> possible to "push" a change through transfer the way it is through DNS
> Update or an API call.
Many providers offer an API call to force a clean-transfer via AXFR/IXFR
today, including those that offer free services. Seems a paid service would
have this feature.
- Jared
More information about the dns-operations
mailing list