Martin Pels <[email protected]> writes:

> We think this feature could be more widely beneficial for cases where
> there is an inconsistency between the view of a zone on a primary and
> a secondary server not under control of the same operator. We'd love
> to hear what others think.

Interesting problem! A few thoughts:

1. Text added that says something along the lines of "although the QTYPE used is AXFR, implementations should transfer the zone over whatever protocol they have been configured to use, which includes both AXFR over DNS/TCP and AXFR over TLS [RFC9103]. Note that IXFR transfers, which require serial number alignment, MUST NOT be used."

2. The security considerations section should suggest (very strongly) that the use of TSIG when sending a notification is RECOMMENDED. (I recognize this is guidance for operators more than implementations, but implementations should ensure this is possible).

--
Wes Hardaker
Google
