"John Levine" <[email protected]> writes: > ICANN has two public AXFR servers at xfr.cjr.dns.icann.org and > xfr.lax.dns.icann.org. How about asking them what their experience has > been, how's the load, how hard is it to manage, how have they dealt > with the sorts of attacks that people make on public servers.
If they have that information, of course it would be helpful. I can tell you from the perspective of b.root-servers.net what our load has been like: it's been growing since 2022 or so (and we haven't really noticed any issues): https://ant.isi.edu/~hardaker/tmp/xfr-counts-by-date.png https://ant.isi.edu/~hardaker/tmp/xfr-counts-uniq-srcs.png https://ant.isi.edu/~hardaker/tmp/xfr-counts-by-ASN.png (the horizontal data points is 1 sample day every 3 months since late 2016) I'll mention again that the current documents state we should have multiple protocol transfer options available for implementations and operators to choose from. This is sort of already case in existing implementations and we should support those. IMHO, AXFR should definitely be one choice. But a zonefile-over-HTTPS makes sense to me too. -- Wes Hardaker Google _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
