Thank you Petr and Mark for very useful comments. Seems specifying the right max-ixfr-ratio should secure us from this undesired behavior. Another option that my colleague suggested is to limit journal size.
Best regards, Misak Khachatryan On Thu, Oct 12, 2023 at 3:35 PM Petr Špaček <[email protected]> wrote: > On 12. 10. 23 13:09, Misak Khachatryan wrote: > > Thank you Viktor, > > > > In logs I see IXFR, which should be a case. This brings me to question > > to bind developers - shouldn't a change of dnssec-policy or at least > > such destructive ones automatically trigger AXFR? > > > > Of course it's not a question to be asked here, I will check the > > documentation of bind and ask it in the appropriate mailing list. > > Just to close the loop, you can configure "max-ixfr-ratio" option. See > > https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-max-ixfr-ratio > > Please send further questions to mailing list > https://lists.isc.org/mailman/listinfo/bind-users > > -- > Petr Špaček > Internet Systems Consortium > > > _______________________________________________ > dns-operations mailing list > [email protected] > https://lists.dns-oarc.net/mailman/listinfo/dns-operations >
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
