On Tue, Apr 14, 2015 at 3:15 PM, Edward Lewis <edward.le...@icann.org> wrote: > On 4/14/15, 14:47, "Marjorie" <marjo...@id3.net> wrote: > >>The bottom line is that unrestricted AXFR is generally evil, > > I'd go with "generally unwise". There are folks that believe it is fine > to allow access to their zones and I have no reason to say they are > foolish.
+1. Included in this are (at least): . (from [b,c,f,g,k].root-servers.net) .arpa .bb .bd .bi .bv .capetown .cg .ci .cy ... and then I got bored... Some of the above operators *may* be surprised, but *certainty* not all. I know a number of the operators of the above and know that they have done this by choice. > Folks who are not concerned with the minutia of operating their > DNS server most likely would not want to allow the access and the tools > they use should meet their likely expectations. > > _______________________________________________ > dns-operations mailing list > dns-operations@lists.dns-oarc.net > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > dns-jobs mailing list > https://lists.dns-oarc.net/mailman/listinfo/dns-jobs -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
