John, Some feedback for you. Background A primary name server is a name server that gets the data for its zones from local files. Changes to a zone, such as adding domains or hosts, are done at the Primary Name Server. A secondary name server gets the data for its zones from another name server across the network which is authoritative for that zone. The processes of obtaining this zone information (that is the database file) across the network is referred to as a zone transfer. Since bind 8 I believe the nomenclature that has been widely adopted is a "master" nameserver (corresponding to a master zone configured on that host) and multiple "slave" nameservers which keep their copies of the zone up-to-date using zone transfers. Probably makes sense to make use of the current terminology. Zone Transfers will be allowed provided: [...] I think that there are numerous reasons to perform a zone transfer which are not covered here, which would be consistent with the privacy act provision in point 2. It seems to me that the list is unnecessarily restrictive in presuming to know all the reasons an operator might have for performing a zone transfer. I also think that there is nothing wrong with statistics gathering. Understanding trends makes the network a safer place. I do not understand your earlier point that data for statistical analysis would be available on the web, but not by zone transfer... Perhaps I misunderstood it. I would rephrase point (3) to be something like: that it is not for the purpose of allowing, enabling or otherwise supporting the transmission of mass unsolicitited, commercial advertising or solicitatious e-mail. I would also make point (4) a little more general, and allow zone transfers to facilitate "operational network engineering". Is it reasonable for a request not to contain a detailed description of the reason for wanting to perform a zone transfer? What is a reasonable request? Is the idea of this policy to be prepared in the event that a flagrant misuse of the zone data occurs? If so, I think it's a good idea. If the idea is to implement an immediate set of restrictions on zone transfers, and to administer zone transfer access control (including all associated adds, moves and changes) for all secondary nameservers, then I remain slightly dubious :) Joe --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog