This is a discussion on Re: Acting as stealth slave for root zone - DNS
> Stephane Bortzmeyer
> > > Eventually, I tried something that I fully expected not to work: I
> > > tried to pull a copy of the root zone by zone transfer from the root
> > > servers themselves. It worked! I'd expected the query to be
> > > refused.
> > ...
> > > Is this new/temporary behavior? The spirited discussion a few weeks
> > > ago engendered by the idea of grabbing the root zone by ftp would
> > > seem to indicate that zone transfers have not always been permitted.
> > I believe that F and K always authorized it.
> Certainly F has always allowed zone transfers of the root zone, even when
> it was called NS.ISC.ORG back before the letter-names came into being. It
> is ISC's intention to permit AXFR of the root zone from f-root, always.
> Paul Vixie
As general advice to anyone doing this: turn off NOTIFY
if you are slaving ".". The real roots don't need to know
every time you have transferred / loaded the root zone.
This applies equally to FTP transfers as it applies to AXFR.
By default named will send the NOTIFY messages.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
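
The advice above as a BIND 9 `named.conf` zone stanza. This is an added example, not part of the original post; the file name is an assumption, and the master address is that of f.root-servers.net, the server the thread says permits AXFR.

```conf
// Constructed example: stealth slave of the root zone with NOTIFY disabled.
zone "." {
    type slave;
    file "root.zone";            // assumed local file name for the transferred zone
    masters { 192.5.5.241; };    // f.root-servers.net

    // With the default (notify yes), named sends NOTIFY to the servers
    // listed in the zone's NS records whenever the zone is loaded or
    // updated. For "." those are the real root servers, so turn it off
    // for this zone only and leave the setting for other zones untouched.
    notify no;
};
```

If the zone file is fetched by FTP and loaded as `type master` instead, the same `notify no;` line belongs in that zone stanza.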