.nz Secondary -- Victoria University upgrading Bind to 8.2
NZNOG'ers, FYI, Victoria University are in the process of upgrading the .nz Secondary from Bind 4.9(ish) to 8.2. In doing so, they will be restricting zone transfers to the Primary and Secondary .nz zone machines. Richard Stevenson is the contact, at Victoria My regards, PATRICK J O'BRIEN Fax: (04) 473-4569 Voice: (04) 473-4567 Mail: P.O.BRIEN(a)DOMAINZ.NET.NZ Web: http://www.DOMAINZ.NET.NZ --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
FYI, Victoria University are in the process of upgrading the .nz Secondary from Bind 4.9(ish) to 8.2.
In doing so, they will be restricting zone transfers to the Primary and Secondary .nz zone machines.
Can somebody translate above for me? I guess he is talking about rata.vuw.ac.nz It already appears to restrict XFRS to known hosts regards Peter Mott Chief Enthusiast 2Day Internet Limited http://www.2day.net.nz -/- --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Wed, May 26, 1999 at 10:07:01AM +1200, 2Day Chief Enthusiast wrote:
FYI, Victoria University are in the process of upgrading the .nz Secondary from Bind 4.9(ish) to 8.2.
In doing so, they will be restricting zone transfers to the Primary and Secondary .nz zone machines.
Can somebody translate above for me?
I guess he is talking about rata.vuw.ac.nz It already appears to restrict XFRS to known hosts
I think you're wrong; I was just able to perform a zone transfer for ac.nz and gen.nz from rata to tardis.patho.gen.nz. I didn't try all the second level zones, but I presume they all have the same transfer policy. Closing this up is a good thing, in my opinion. However, I would have thought that a good policy for authoritative nz nameservers _other_ than ns1.waikato.ac.nz would be "deny all" -- there is no reason (for example) why a CLEAR Net nameserver would need to perform a zone transfer from rata. Joe --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
However, I would have thought that a good policy for authoritative nz nameservers _other_ than ns1.waikato.ac.nz would be "deny all" -- there is no reason (for example) why a CLEAR Net nameserver would need to perform a zone transfer from rata.
ns1.waikato.ac.nz or ns99.waikato.ac.nz? -cw --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Wed, May 26, 1999 at 10:46:17AM +1200, Chris Wedgwood wrote:
However, I would have thought that a good policy for authoritative nz nameservers _other_ than ns1.waikato.ac.nz would be "deny all" -- there is no reason (for example) why a CLEAR Net nameserver would need to perform a zone transfer from rata.
ns1.waikato.ac.nz or ns99.waikato.ac.nz?
Oh, you're right. ns99. <hits forehead with spoon> Joe --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Joe Abley wrote:
On Wed, May 26, 1999 at 10:46:17AM +1200, Chris Wedgwood wrote:
However, I would have thought that a good policy for authoritative nz nameservers _other_ than ns1.waikato.ac.nz would be "deny all" -- there is no reason (for example) why a CLEAR Net nameserver would need to perform a zone transfer from rata.
ns1.waikato.ac.nz or ns99.waikato.ac.nz?
Oh, you're right. ns99. <hits forehead with spoon>
I agree with Joe on this. ns99 should similarly restrict downloads to only those nameservers which are listed as secondaries. -- Mailto:asjl(a)netlink.net.nz Post: Netlink, PO Box 5358, Lambton Quay, Wellington, New Zealand -- --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
ns1.waikato.ac.nz or ns99.waikato.ac.nz?
Oh, you're right. ns99. <hits forehead with spoon>
I agree with Joe on this. ns99 should similarly restrict downloads to only those nameservers which are listed as secondaries.
I am only in favour of restricting zone transfers from all authorative .nz name servers if one can obtain an FTP account from the registry to get the zone files. Lets take this thread over to registry-discuss(a)2day.com regards Peter Mott Chief Enthusiast 2Day Internet Limited http://www.2day.net.nz -/- --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Wed, May 26, 1999 at 12:02:25PM +1200, 2Day Chief Enthusiast wrote:
I am only in favour of restricting zone transfers from all authorative .nz name servers if one can obtain an FTP account from the registry to get the zone files.
For the record, it's only ns99 and rata that currently permit zone transfers; none of the others do. A good compromise might be to restrict zone transfers from ns99 to "all authoritative servers plus authorised hosts" to allow people like Peter to continue to pull the data, without having to mess about with ftp. Domainz could authorise hosts as they saw fit (I would expect the authorisation policy to be fairly non-restrictive). The driver for doing this, remember, is to prevent the unscrupulous walking the DNS, enumerating domain names for the purposes of evil spam; it's not to stop record harvesting for the purposes of generating statistics. This is just for ns99 -- I would expect other authoritative servers to deny transfers from _anybody_. Maintaining a current transfer access list on every secondary is unnecessary. Being overly restrictive on this issue could be problematic anyway; for example CLEAR and Xtra have access to the zone files since they operate authoritative nameservers for the benefit of the community. It would be bizarre if other providers were denied access to the same information simply because they're small (or focused on niche services). Joe --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
participants (5)
-
2Day Chief Enthusiast -
Andy Linton -
Chris Wedgwood -
Joe Abley -
Patrick O'Brien