On Tue, Mar 28, 2017 at 11:19:10AM +0100, Tony Finch <[email protected]> wrote a message of 33 lines which said:
> So my question is, how does the BULK rewriting system interact with DNS > loops? Is there a CPU-eating tarpit in there? Also, I find that the Security Considerations section of draft-woodworth-bulk-rr-05.txt is empty about the risk for authoritative secondary servers. Once you enable BULK, you are at the mercy of your master. (My registrar provides free secondary DNS service. Their server hosts thousands of zones they do not manage or control. I don't think they would be happy to enable BULK.) Advice: * a sub-section of Security Considerations section about this risk, * suggestions that there SHOULD be a way to disable BULK processing (or may be the opposite, make if off by default). _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
