[nsd-users] nsd does not fallback to axfr when ixfr doesn't work

Shane Kerr shane at ca.afilias.info
Thu Aug 28 09:17:49 UTC 2008


Matthijs,

On Thu, 2008-08-28 at 10:48 +0200, Matthijs Mekking wrote:
> My question to the nsd-users list would be if there is interest in AXFR
> fallback when the server does not understand IXFR. My opinion is that
> NSD should support it, because we strife to be RFC-compliant.

- I think when the slave contacts the master, if the master cannot
provide IXFR for some reason (serial too old for example) then the
master should return an error code rather than falling back to AXFR.

- When the slave gets an error when attempting to IXFR, it should try a
different master, and when all masters have returned an error then it
should try AXFR.

This allows the slave to use IXFR if any of the masters support it for
the serial the slave is using, which is usually the best case, at least
for large zones.

It might be nice to be able to set this on a per-zone basis on the
master, so that for small zones the master *does* fall back to AXFR, but
since small zones are ... well, small, I don't think it matters too
much.

It might also be nice to set this on a per-master basis on the slave, so
that masters which are known not to provide IXFR can be avoided.


Note that this behavior is not what BIND currently implements (the
master falls back to AXFR when IXFR is not possible, and the slave will
try AXFR on the same master when IXFR is not possible), but that does
not mean BIND does the right thing. :)

--
Shane




More information about the nsd-users mailing list