Peter Mott writes:
2. A policy on Zone Transfers. What's driving this policy?
At least partly a desire to move the operation of the .nz name service toward the standards set out by RFC 2010 (Operational Criteria for Root Name Servers), which says, among other things:

   2.10. Zone transfer access control. The name server shall be configured so that outbound zone transfers are permitted only to destinations on the server's local networks, and to whichever networks the zone master designates for remote debugging purposes.

   Rationale: Zone transfers can present a significant load on a name server, especially if several transfers are started simultaneously against the same server. There is no operational reason to allow anyone outside the name server's and zone's administrators to transfer the entire zone.

There's also the ugly question of privacy; while individual queries pose no privacy or commercial sensitivity issues (after all, the NS records wouldn't be there if they weren't intended to be used), a complete zone download gives you a lot more information than is required to resolve names to IP addresses. For example, one can get a fairly exhaustive list of DNS names and group them by service provider.

The policies in development for official .nz nameservers do take into account (a) the fact that the .nz servers aren't hit *quite* as hard as the root servers, and (b) that a hard and fast policy of no zone transfers is not required as long as the exceptions are reasonable and controlled.

I think it's reasonable for Internet users to expect that data provided for the sole purpose of permitting other users to access their web pages or send them email is used for that purpose, and not for making them targets of unsolicited marketing material or cold-calling salespeople. Don't you?

-- don
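One way to audit a server's outbound transfer log against the RFC 2010 section 2.10 rule quoted above (an added example, not part of the original post or of any .nz tooling). The network ranges, the sample log lines and the BIND-style log format are assumptions constructed for illustration; the post names no server software.

```python
import ipaddress
import re

# Assumed policy values (hypothetical, documentation address ranges).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]      # the server's local networks
DEBUG_NETS = [ipaddress.ip_network("198.51.100.16/28")]  # designated by the zone master

# Constructed sample log, written in the style of BIND xfer-out messages.
SAMPLE_LOG = """\
01-Jan-2000 10:00:01 xfer-out: info: client 192.0.2.53#40112 (example.nz): transfer of 'example.nz/IN': AXFR started
01-Jan-2000 10:03:17 xfer-out: info: client 198.51.100.20#51822 (example.nz): transfer of 'example.nz/IN': AXFR started
01-Jan-2000 10:05:42 xfer-out: info: client 203.0.113.77#33001 (example.nz): transfer of 'example.nz/IN': AXFR started
01-Jan-2000 10:05:43 xfer-out: info: client 203.0.113.77#33002 (other.nz): transfer of 'other.nz/IN': IXFR started
01-Jan-2000 10:06:00 queries: info: client 203.0.113.77#33003 (www.example.nz): query: www.example.nz IN A
"""

# Matches a started outbound transfer and captures destination, zone and type.
XFER_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f:.]+)#\d+ .*?"
    r"transfer of '(?P<zone>[^/']+)/IN': (?P<kind>[AI]XFR) started"
)

def classify(ip):
    """Return which clause of section 2.10 permits this destination, if any."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in LOCAL_NETS):
        return "local"
    if any(addr in net for net in DEBUG_NETS):
        return "debug"
    return "violation"

def audit(log_text):
    """List (destination, zone, transfer type, verdict) for every transfer started."""
    findings = []
    for line in log_text.splitlines():
        m = XFER_RE.search(line)
        if m:  # ordinary query lines are not transfers and are skipped
            findings.append((m["ip"], m["zone"], m["kind"], classify(m["ip"])))
    return findings

def violations(log_text):
    """Transfers that went to a destination outside both permitted sets."""
    return [f for f in audit(log_text) if f[3] == "violation"]

if __name__ == "__main__":
    for ip, zone, kind, verdict in audit(SAMPLE_LOG):
        print(f"{verdict:9} {kind} of {zone} to {ip}")
```

Any line reported as a violation means the server's transfer access control is looser than the policy, since a correctly restricted server would have refused the transfer rather than started it.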