[Yeti DNS Discuss] An IXFR Fallback to AXFR Case

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Apr 28 09:44:12 UTC 2016

On Thu, Apr 28, 2016 at 05:14:29PM +0800,
 Davey Song <ljsong at biigroup.cn> wrote 
 a message of 128 lines which said:

> I composed a draft describing the case of IXFR fallback to AXFR
> during MZSK experiment. Comments are welcome !Thank you

> To ask for development of new IXFR protocol to exclude the RRSIG as
> a specially zone content when it compute the diff sequences in MZSK
> model.

It seems very complicated to do. Not only it introduces a special case
for RRSIG (what about NSEC*?) but also there is a risk of
inconsistencies if some parts of the zone changed, then requiring new
RRSIGs which will have to coexist with the old ones, made with a
different key!

> To ask for adopt of IXFR-only draft and recommend it as default IXFR
> protocol for MZSK situation

I do not see how it would help: IXFR would fail and then, without
fallback (to AXFR), the slave would not be updated.

There is also a fourth solution you do not mention: tie each slave
root server to a specific DM. This would decrease redundancy and
resiliency but would allow normal IXFR, and may make debugging easier.

More information about the discuss mailing list