[nsd-users] on axfr fallback

Ondřej Surý ondrej at sury.org
Wed Nov 12 22:42:34 UTC 2008


2008/11/12 Mauricio Vergara Ereche <mave at nic.cl>:
> On Wednesday 12 November 2008 05:48:43 Matthijs Mekking wrote:
> [...]
>> >     > A configuration knob to disable AXFR fallback entirely,  globally
>> >     > or per server basis would be nicer.
>> >
>> > Yes, that would certainly help avoid messy accidents.
>>
>> In my current opinion, that is the responsibility of the operator. If
>> you don't want to use AXFR, only install servers that support IXFR.
>
> That's ok if you manage every single secondary and master for a zone, but in
> reality, sharing of zones between different organizations with different
> style of administration happens.

OK, there are two cases here:

A) master not controlled

and

B) slave not controlled


In case of A) solution is simple - just don't configure it as master if it
doesn't support IXFR.

In case of B) (and unbound) - you are just fine, since you control master.

What I am missing?

>> So the option is likely not to be strictly necessary and if we implement
>> it, it would be in strife with our requirements we set on NSD (in this
>> case simplicity).
>
> OK, in case that matters, I also think that the configuration knob issue would
> be really great :-)

For what exactly?

I am against creating configuration option just because "it might be handy".

Ondrej
-- 
Ondřej Surý <ondrej at sury.org>


More information about the nsd-users mailing list