John Crain alluded to the point I want to reinforce here. There are many
different operational postures. It's tempting to see a situation as it
applies to just one. The three snips below illustrate common environments
I've run across - TLD (/registration zones), remote debugging
(/third-party ma
I find the question: "if you had an FTP fetch of the zone, would you
feel comfortable making that available for anonymous FTP" a useful
question.
In reverse, we have the entire zonestate as FTP files, publicly
visible. Signed in PGP. And we have whois, with varying degrees of
throttle, for operati
On 4/15/15, 7:42, "George Michaelson" wrote:
>So on that basis: the FTP rule passes: we have open FTP, why would we
>block AXFR?
It's your call, it's local policy. I've worked in environments where the
name servers answering queries did not implement the AXFR mechanism.
"Generally unwise" can
Edward Lewis wrote:
>
> (By the same token, why would one use NSEC3 for signed zones when the zone
> is available over FTP?)
Opt-out.
Tony.
--
f.anthony.n.finch http://dotat.at/
Trafalgar: Cyclonic 5 or 6. Moderate or rough. Thundery showers. Moderate or
good.
On 04/15/2015 10:01 AM, Tony Finch wrote:
> Edward Lewis wrote:
>>
>> (By the same token, why would one use NSEC3 for signed zones when the zone
>> is available over FTP?)
>
> Opt-out.
Yes. Zone size.
Hugo
___
dns-operations mailing list
dns-operatio
On 4/15/15, 9:01, "Tony Finch" wrote:
>Edward Lewis wrote:
>>
>> (By the same token, why would one use NSEC3 for signed zones when the zone
>> is available over FTP?)
>
>Opt-out.
I thought I was going to avoid expanding the discussion into NSEC3 by
limiting my comment to just that.
Apparentl