On Fri, Feb 09, 2007 at 11:09:51AM -0500,
Joe Abley <[EMAIL PROTECTED]> wrote
a message of 52 lines which said:
> I also don't know of any formal undertaking by any of the current
> "real" root nameserver operators to leave un-authenticated [AI]XFR
> access to their servers for the root zone open, so there's the
> operational issue of needing to verify regularly that transfers to
> the stealth slave are succeeding.
Actually, the very old (I do not think there is a new version) RFC
2870 says the opposite:
2.7 Root servers SHOULD NOT answer AXFR, or other zone transfer,
queries from clients other than other root servers.
And I do not think there is a formal undertaking from Verisign to
publish ftp://rs.internic.net/domain/root.zone.gz either?
_______________________________________________
DNSOP mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dnsop
