[nsd-users] Unsecured zone transfers and open resolvers

Arnt Gulbrandsen arnt at gulbrandsen.priv.no
Fri Jul 20 07:54:22 UTC 2012

On 07/20/2012 09:27 AM, Valentin Bud wrote:
> Why don't TLDs like .com or .net or .de offer AXFR for their zones.

For a start: If you have a big zone (.com and .de are nastily big) and 
the zone transfer requests follow a Poisson distribution, zone transfers 
can really strain your RAM. That can be solved, but perhaps disallowing 
zone transfers is the simplest solution.

There are also a couple of other reasons. For example, some people will 
tell you that some countries have relevant privacy legislation, but I've 
never heard specifics. Consider it hearsay.


More information about the nsd-users mailing list