On Sun, Mar 08, 2015 at 10:27:11PM -0700, Paul Vixie wrote: > > > > Paul Wouters <mailto:[email protected]> > > Sunday, March 08, 2015 9:03 PM > > On Sun, 8 Mar 2015, Paul Vixie wrote: > > > > > > So why are we proposing to ACL the ANY queries again? > > because people like me with dig-based diagnostic tools want to be able > to run ANY queries against our own servers, from our NOC/SOC.
For a domain registrar who hosts a massive amount of slave zones on serveral exernal nameservers (customers own Master, no way to access log files) it's important to have good diagnostic tools. I.e. a knob between allow-axfr-from and the ANY ACL would be nice. Otherwise I'm with Paul Wouters that ACL will kill ANY queries. -- Oliver PETER [email protected] 0x456D688F
signature.asc
Description: Digital signature
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
