NXT RR, why do they exist?
Simon Waters
Simon at wretched.demon.co.uk
Fri Oct 19 10:29:51 UTC 2001
rslomkow at blackhole.parts-unknown.com wrote:
>
> Could someone help me understand WHY NXT records exist.
Bad protocol design, or backward compatibility - depends how you
look at it.
> Perhaps I shouldn't worry about zone transfers, and just consider that
> should not be part of a security policy.
You use DNSSEC, you currently have to permit such
pseudo-transfers, horrible but true.
Of course denying zone transfers was never a wonderful solution
as DNS data is so widely cached, but it seems a shame to lose
it.
More information about the bind-users
mailing list