Re: Acting as stealth slave for root zone - DNS
This is a discussion on Re: Acting as stealth slave for root zone - DNS ; Stephane Bortzmeyer writes:
> > Eventually, I tried something that I fully expected not to work: I
> > tried to pull a copy of the root zone by zone transfer from the root
> > servers themselves. It worked! ...
-
Re: Acting as stealth slave for root zone
Stephane Bortzmeyer writes:
> > Eventually, I tried something that I fully expected not to work: I
> > tried to pull a copy of the root zone by zone transfer from the root
> > servers themselves. It worked! I'd expected the query to be
> > refused.
> ...
> > Is this new/temporary behavior? The spirited discussion a few weeks
> > ago engendered by the idea of grabbing the root zone by ftp would
> > seem to indicate that zone transfers have not always been permitted.
>
> I believe that F and K always authorized it.
Certainly F has always allowed zone transfers of the root zone, even when
it was called NS.ISC.ORG back before the letter-names came into being. It
is ISC's intention to permit AXFR of the root zone from f-root, always.
--
Paul Vixie
