Hello,

While working on draft-ietf-dnsop-dnssec-keyrestore[0] we found that we
needed to force secondary servers to perform an AXFR of our zone without
checking the serial number in the SOA record. While DNS implementations
have knobs to force a transfer from the secondary (e.g. "rndc
retransfer" in BIND, "nsd-control force_transfer" in NSD), there is
currently no mechanism to make a primary server force its secondaries to
perform an AXFR without checking the serial. The below draft introduces
such a mechanism.

We think this feature could be more widely beneficial for cases where
there is an inconsistency between the view of a zone on a primary and a
secondary server not under control of the same operator. We'd love to
hear what others think.

Kind regards,
Martin and Florian

[0] https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-keyrestore/

-------- Forwarded Message --------
Subject: New Version Notification for draft-pels-dnsop-axfr-notify-00.txt
Date: Mon, 18 May 2026 02:44:19 -0700
From: [email protected]
To: Florian Obser <[email protected]>, Martin Pels <[email protected]>
A new version of Internet-Draft draft-pels-dnsop-axfr-notify-00.txt has been
successfully submitted by Martin Pels and posted to the
IETF repository.
Name: draft-pels-dnsop-axfr-notify
Revision: 00
Title: AXFR message type for DNS NOTIFY
Date: 2026-05-18
Group: Individual Submission
Pages: 5
URL: https://www.ietf.org/archive/id/draft-pels-dnsop-axfr-notify-00.txt
Status: https://datatracker.ietf.org/doc/draft-pels-dnsop-axfr-notify/
HTML: https://www.ietf.org/archive/id/draft-pels-dnsop-axfr-notify-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-pels-dnsop-axfr-notify
Abstract:
This document defines a new AXFR message type for DNS NOTIFY
messages. The message instructs a secondary server to perform an
AXFR zone transfer of a zone.
The IETF Secretariat