On Sun, Mar 08, 2015 at 10:27:11PM -0700, Paul Vixie wrote: > > > > Paul Wouters <mailto:p...@nohats.ca> > > Sunday, March 08, 2015 9:03 PM > > On Sun, 8 Mar 2015, Paul Vixie wrote: > > > > > > So why are we proposing to ACL the ANY queries again? > > because people like me with dig-based diagnostic tools want to be able > to run ANY queries against our own servers, from our NOC/SOC.
For a domain registrar who hosts a massive amount of slave zones on serveral exernal nameservers (customers own Master, no way to access log files) it's important to have good diagnostic tools. I.e. a knob between allow-axfr-from and the ANY ACL would be nice. Otherwise I'm with Paul Wouters that ACL will kill ANY queries. -- Oliver PETER oli...@gfuzz.de 0x456D688F
signature.asc
Description: Digital signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
