[On 18 Sep, @17:47, Robert wrote in "Re: delegation-only ineffectiv ..."]
> > be public. (Yes, I know, I'm an idealist.) If a formal requirement for
> > independent entities to be able to serve the zone prevents this kind of
> > secrecy, that'd be a nice bonus.
>
> I think the major reason that registries are blocking AXFR, is because it
> has become too common that people abuse the information that obtain from
> it.
>
> I'm thinking if that isn't also a little bit of the reason why DNSSEC
> hasn't been deployed (in any TLDs?).
well, that is not entirely true... you can do a nxt-walk very easily. You can
also block such walks very easily. Just rate limit the amount of nxt-queries
per IP.
This is the same as the privicy issues concerning whois queries. Some registries
are also rate limiting that. Which is not 100% secure, but it adds another barrier,
grtz Miek
--
NLnet Labs
#----------------------------------------------------------------------
# To unsubscribe, send a message to <[EMAIL PROTECTED]>.
