[Yeti DNS Discuss] An IXFR Fallback to AXFR Case
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Apr 28 09:44:12 UTC 2016
On Thu, Apr 28, 2016 at 05:14:29PM +0800,
Davey Song <ljsong at biigroup.cn> wrote
a message of 128 lines which said:
> I composed a draft describing the case of IXFR fallback to AXFR
> during MZSK experiment. Comments are welcome !Thank you
> To ask for development of new IXFR protocol to exclude the RRSIG as
> a specially zone content when it compute the diff sequences in MZSK
> model.
It seems very complicated to do. Not only it introduces a special case
for RRSIG (what about NSEC*?) but also there is a risk of
inconsistencies if some parts of the zone changed, then requiring new
RRSIGs which will have to coexist with the old ones, made with a
different key!
> To ask for adopt of IXFR-only draft and recommend it as default IXFR
> protocol for MZSK situation
I do not see how it would help: IXFR would fail and then, without
fallback (to AXFR), the slave would not be updated.
There is also a fourth solution you do not mention: tie each slave
root server to a specific DM. This would decrease redundancy and
resiliency but would allow normal IXFR, and may make debugging easier.
More information about the discuss
mailing list