[nsd-users] Unsecured zone transfers and open resolvers
Arnt Gulbrandsen
arnt at gulbrandsen.priv.no
Fri Jul 20 07:54:22 UTC 2012
On 07/20/2012 09:27 AM, Valentin Bud wrote:
> Why don't TLDs like .com or .net or .de offer AXFR for their zones.
For a start: If you have a big zone (.com and .de are nastily big) and
the zone transfer requests follow a Poisson distribution, zone transfers
can really strain your RAM. That can be solved, but perhaps disallowing
zone transfers is the simplest solution.
There are also a couple of other reasons. For example, some people will
tell you that some countries have relevant privacy legislation, but I've
never heard specifics. Consider it hearsay.
Arnt
More information about the nsd-users
mailing list