On Mar 25, 2015, at 12:19 AM, k...@wide.ad.jp wrote:
> It is better to describe that the update of the zone can be delayed a
> little bit as no NOTIFY message is sent to the root-on-loopback.

Good point; added.

> In Appendix A, the root servers listed allow AXFR currently, but I am
> afraid they don't guarantee it in the future. It may be necessary to
> confirm it with the operator of each root server listed.

The appendix already says:

      It is crucial to note that none of the above services are guaranteed
      to be available. It is possible that ICANN or some of the root server
      operators will turn off the AXFR capability on the servers listed above.

Asking any operator to guarantee something in the future doesn't mean they 
actually will do so, so this warning is more appropriate.

> In Appendix B, most of the IP addresses of the root DNS servers are
> anycasted. They are not suitable for the target to pull the zone data
> in AXFR over TCP.

Fully disagree. AXFR of the root zone over TCP over anycast works just fine in 
all our testing. As Tony Finch points out, it works well in the current 
Internet.

> Also, it must be noted that these addresses may change over time (while
> the frequency is not high); it may be necessary to give a warning to
> periodically check if the addresses are valid.

Is the above warning not sufficient?

> Generating the
> configuration after priming query? (this is a joke)
> 
> IMHO, it may be necessary to establish an infrastructure to distribute
> the root zone in a scalable/reliable manner.

Feel free to create such an infrastructure. After it is in place, we can update 
this document. In the meantime, this document describes a practice that many 
operators are already using quite successfully.

--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
