[nsd-users] nsd does not fallback to axfr when ixfr doesn't work

Matthijs Mekking matthijs at NLnetLabs.nl
Thu Aug 28 09:35:41 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shane,

Shane Kerr wrote:
> Matthijs,
> 
> On Thu, 2008-08-28 at 10:48 +0200, Matthijs Mekking wrote:
>> My question to the nsd-users list would be if there is interest in AXFR
>> fallback when the server does not understand IXFR. My opinion is that
>> NSD should support it, because we strive to be RFC-compliant.
> 
> - I think when the slave contacts the master, if the master cannot
> provide IXFR for some reason (serial too old for example) then the
> master should return an error code rather than falling back to AXFR.
> 
> - When the slave gets an error when attempting to IXFR, it should try a
> different master, and when all masters have returned an error then it
> should try AXFR.

This is what I wanted to suggest. I agree with you that it should first
try a different master.

> 
> This allows the slave to use IXFR if any of the masters support it for
> the serial the slave is using, which is usually the best case, at least
> for large zones.
> 
> It might be nice to be able to set this on a per-zone basis on the
> master, so that for small zones the master *does* fall back to AXFR, but
> since small zones are ... well, small, I don't think it matters too
> much.
> 
> It might also be nice to set this on a per-master basis on the slave, so
> that masters which are known not to provide IXFR can be avoided.

You can already do this:

request-xfr: [AXFR] <ip-address> <key-name | NOKEY>

If the AXFR option is given, the server will not be contacted
with IXFR queries but only AXFR requests will be made to the server.

- - Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFItnFtIXqNzxRs6egRAupCAJ9zI35sezR/goU1Am8qGcSLXUnCNQCffxZH
M1/gZHtw5vX4SK8ShG/eL5Q=
=ZeJ4
-----END PGP SIGNATURE-----
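
The transfer order proposed in the thread (IXFR against each master, AXFR only after all have returned an error), combined with the existing `request-xfr: AXFR` option, as an added Python model. It is not NSD's code and not from the original posts; the `Master` class, the function names, the transport callback, the addresses and the serials are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

@dataclass
class Master:
    address: str             # constructed documentation-range address
    axfr_only: bool = False  # models "request-xfr: AXFR <ip-address> <key-name | NOKEY>"

# Hypothetical transport: (address, query type, current serial) -> new serial,
# or None when the master answers with an error.
Transport = Callable[[str, str, int], Optional[int]]

def plan_attempts(masters: List[Master]) -> List[Tuple[str, str]]:
    """IXFR against every master not marked AXFR-only, then AXFR against all."""
    ixfr = [(m.address, "IXFR") for m in masters if not m.axfr_only]
    axfr = [(m.address, "AXFR") for m in masters]
    return ixfr + axfr

def refresh_zone(masters: List[Master], serial: int, send: Transport):
    """Walk the plan until one transfer succeeds; return (new_serial, log)."""
    log = []
    for address, qtype in plan_attempts(masters):
        new_serial = send(address, qtype, serial)
        log.append((address, qtype, new_serial is not None))
        if new_serial is not None:
            return new_serial, log
    return None, log  # every attempt failed; the caller keeps the old serial

def constructed_transport(address: str, qtype: str, serial: int) -> Optional[int]:
    """Constructed behaviour: no master can serve IXFR, 192.0.2.1 serves AXFR."""
    if qtype == "AXFR" and address == "192.0.2.1":
        return 2008082801
    return None

# Constructed master list: the second entry is configured as AXFR-only.
MASTERS = [Master("192.0.2.1"), Master("192.0.2.2", axfr_only=True), Master("192.0.2.3")]

if __name__ == "__main__":
    serial, log = refresh_zone(MASTERS, 2008082701, constructed_transport)
    print(serial)
    for entry in log:
        print(entry)
```

The log makes the policy visible: the AXFR-only master is never sent an IXFR query, and no AXFR is attempted until every IXFR-capable master has answered with an error.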


