Acting as stealth slave for root zone

Mark Andrews Mark_Andrews at isc.org
Wed Dec 8 22:16:48 UTC 2004


> Stephane Bortzmeyer <bortzmeyer at nic.fr> writes:
> 
> > > Eventually, I tried something that I fully expected not to work: I
> > > tried to pull a copy of the root zone by zone transfer from the root
> > > servers themselves.  It worked!  I'd expected the query to be
> > > refused.
> > ...
> > > Is this new/temporary behavior?  The spirited discussion a few weeks
> > > ago engendered by the idea of grabbing the root zone by ftp would
> > > seem to indicate that zone transfers have not always been permitted.
> > 
> > I believe that F and K always authorized it.
> 
> Certainly F has always allowed zone transfers of the root zone, even when
> it was called NS.ISC.ORG back before the letter-names came into being.  It
> is ISC's intention to permit AXFR of the root zone from f-root, always.
> -- 
> Paul Vixie
 
	As general advice to anyone doing this: turn off NOTIFY
	if you are slaving ".".  The real roots don't need to know
	every time you have transferred / loaded the root zone.
	This applies equally to FTP transfers as it applies to AXFR.
	
	By default named will send the NOTIFY messages.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
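
Added example, not part of the original message and not ISC's code: a Python check that reads named.conf text and reports whether a slaved root zone would still send NOTIFY, following the advice above. The sample configuration is constructed, 192.0.2.1 is a placeholder master address, and view-level `notify` settings are not considered.

```python
import re

# Constructed named.conf text, not from the original post. 192.0.2.1 is a
# documentation placeholder for whichever server you transfer "." from.
DEFAULT_NOTIFY = '''
options { directory "/var/named"; };
zone "." {
    type slave;
    file "root.zone";
    masters { 192.0.2.1; };
};
'''
QUIET = DEFAULT_NOTIFY.replace("type slave;", "type slave;\n    notify no;")

def block(text, header_re):
    """Body of the first `header { ... }` block, matched by brace depth."""
    m = re.search(header_re + r"\s*\{", text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return None

def notify_setting(body):
    """Value of a `notify` statement at the top level of a block, or None."""
    flat, depth = [], 0
    for ch in body:                      # drop nested { ... } groups
        if ch in "{}":
            depth += 1 if ch == "{" else -1
        elif depth == 0:
            flat.append(ch)
    m = re.search(r"(?:^|;)\s*notify\s+([\w-]+)\s*;", "".join(flat))
    return m.group(1).lower() if m else None

def root_slave_sends_notify(conf):
    """True if conf slaves "." and would still send NOTIFY after a load."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # C-style comments
    conf = re.sub(r"(//|#).*", "", conf)   # line comments (naive on quotes)
    zone = block(conf, r'zone\s+"\."(?:\s+\w+)?')
    if zone is None or not re.search(r"\btype\s+(slave|secondary)\s*;", zone):
        return False                     # not a slave of the root zone
    # Zone statement wins, then options; named's default is to send NOTIFY.
    setting = (notify_setting(zone)
               or notify_setting(block(conf, r"\boptions") or "") or "yes")
    return setting not in ("no", "false", "0", "master-only", "primary-only")
```

`root_slave_sends_notify(DEFAULT_NOTIFY)` is true because nothing overrides named's default, while `QUIET` adds `notify no;` to the zone and passes.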



More information about the bind-users mailing list