Re: Acting as stealth slave for root zone
> Stephane Bortzmeyer <firstname.lastname@example.org> writes:
> > > Eventually, I tried something that I fully expected not to work: I
> > > tried to pull a copy of the root zone by zone transfer from the root
> > > servers themselves. It worked! I'd expected the query to be
> > > refused.
> > ...
> > > Is this new/temporary behavior? The spirited discussion a few weeks
> > > ago engendered by the idea of grabbing the root zone by ftp would
> > > seem to indicate that zone transfers have not always been permitted.
> > I believe that F and K always authorized it.
> Certainly F has always allowed zone transfers of the root zone, even when
> it was called NS.ISC.ORG back before the letter-names came into being. It
> is ISC's intention to permit AXFR of the root zone from f-root, always.
> Paul Vixie
As general advice to anyone doing this: turn off NOTIFY
if you are slaving ".". The real roots don't need to know
every time you have transferred / loaded the root zone.
This applies equally to FTP transfers as it applies to AXFR.
By default named will send the NOTIFY messages.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
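
The advice above as a named.conf fragment. This is an added example, not part of the original message or ISC's own configuration; the master address (a documentation-range placeholder) and the file name are assumptions to be replaced with a root server that permits AXFR and a local path.

```conf
// Stealth slave for the root zone (added example; values are placeholders).
//
// With no "notify" statement, named uses its default of "notify yes" and,
// after each transfer or load, sends NOTIFY to the servers named in the
// zone's NS records. For "." those are the real root servers, which is
// the traffic the message above asks operators not to generate.

// Before: NOTIFY left at its default, so the roots are notified.
// zone "." {
//     type slave;
//     file "root.zone";                // hypothetical file name
//     masters { 192.0.2.53; };         // placeholder (TEST-NET-1), not a real root
// };

// After: NOTIFY switched off for this zone only.
zone "." {
    type slave;
    file "root.zone";                   // hypothetical file name
    masters { 192.0.2.53; };            // placeholder (TEST-NET-1), not a real root
    notify no;                          // never send NOTIFY for "."
};
```

Setting "notify no;" inside the zone statement leaves NOTIFY behaviour for every other zone on the server unchanged. The same statement applies when the zone file is fetched by FTP and loaded as a master zone, since the NOTIFY is triggered by the load, not by the transfer method.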