Disable fallback to AXFR

Vicky Shrestha vicky at geeks.net.np
Tue Apr 15 19:47:53 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Apr 15, 2008, at 18:39 PM, Matus UHLAR - fantomas wrote:
>>> On 15.04.08 02:46, Vicky Shrestha wrote:
>>>> Is there a way we can configure a slave name server not to fall  
>>>> back
>>>> to AXFR if IXFR fails for a zone ? Assuming the initial zone is
>>>> already transferred using AXFR.
>
>> On Apr 15, 2008, at 14:36 PM, Matus UHLAR - fantomas wrote:
>>> I doubt so. Do you want not to provide the zone if it can't be  
>>> IXFRed?
>
> On 15.04.08 18:09, Vicky Shrestha wrote:
>> I want it to keep on retrying IXFR for zone updates; basically avoid
>> doing AXFR of a huge zone file in sites where bandwidth is limited.
>
> So, what you want is not disabling AXFR but retrying IXFR. Disabling  
> AXFR
> could lead to problem described by me.

Yes. Basically keep on retrying IXFR during network problems and  
disable AXFR fallback and not AXFR all together. I noticed that when  
bind experiences network problems during the actual IXFR transfer, it  
will fall back to AXFR.

>
>
> ... and if there are too many changes in the zone, so IXFR would  
> lead to
> more data transferred than AXFR, the server should refuse IXFR and  
> AXFR
> should be used then.

When the zone file size is in order of 100M or more, the changes are  
generally less than the zone file size.

>
>
> Disabling AXFR is bad idea again.
> -- 
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> WinError #99999: Out of error messages.
>

Regards,


Vicky Shrestha


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iQEcBAEBAgAGBQJIBQZpAAoJEGi4SIJCvhML9KYH/062XuIwQ7OpE2LWiXG0jxQ1
TRoV8bIFWqNu7PIPtFCcxqkEZLU5qONmJ0v99RET5Xgyh5RKl4WYLOuoFkvAm9qn
Ui3DOpW1uiEk25uLZJWKMNqCp+2rsJ6RBQPM1wLKpZLntAn/Oqz3+Tgmh4BMHEPi
z/Yax3oweMaZwGE1hKkl3M2Z67AUsrCJNcww0z3asop7Gv4CZl2yNipseLCY3Wb8
vZLnEfDXnXOjYsRx0vUwDvlvyy60GW+51yEVZ6UfPzRbCAFomVXGaPdmxj66OFzr
OvILBDAiDo6N0ZZemBZuhdIWRjs580AahO4YqPo9VjHbN0hP/TU+dmd29M27Ryc=
=IUWL
-----END PGP SIGNATURE-----

More information about the bind-users mailing list