[nsd-users] on axfr fallback

Matthijs Mekking matthijs at NLnetLabs.nl
Wed Nov 12 08:48:43 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bill Woodcock wrote:
> NSD would never fall back to AXFR if _any_ of the configured masters 
> support IXFR, no?

Not precisely. In the suggestion I proposed, NSD would never fall back
to AXFR if *all* of the configured masters support IXFR. The marking is
on a per server basis: If one master does not implement IXFR, NSD would
request AXFR to that master, and will try IXFRs for the others.

> 
>     > A configuration knob to disable AXFR fallback entirely,  globally or per
>     > server basis would be nicer.
> 
> Yes, that would certainly help avoid messy accidents.

In my current opinion, that is the responsibility of the operator. If
you don't want to use AXFR, only install servers that support IXFR.
So the option is likely not to be strictly necessary and if we implement
it, it would be in strife with our requirements we set on NSD (in this
case simplicity).

Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJGphrIXqNzxRs6egRArW3AJ0Q0HV+2g5o7yQb/GL5M1yej2afngCeLgRs
vcKjitAUFvgvPKfTav/RhtA=
=cWIA
-----END PGP SIGNATURE-----



More information about the nsd-users mailing list