One of the principal advantages of http to a file is that the world has built out CDN to be efficient at back and front end delivery of this content. I can name many many entities who could do this with zero code simply by running cron job on a frequency chosen to fit timely update, and then content placement in their normal distribution method.
This is very attractive to me. It means I can say to people who want to help distribute the root, it's next to zero public facing code change to be able to do it. Please do not misunderstand this as disrespecting in band in protocol AXFR. My point is this increases the surface of participation in broadcasting the root, as a public good, in ways which demanding competency and literacy in DNS do not. G On Sat, 24 Jan 2026, 1:56 pm Wes Hardaker, <[email protected]> wrote: > "John Levine" <[email protected]> writes: > > > ICANN has two public AXFR servers at xfr.cjr.dns.icann.org and > > xfr.lax.dns.icann.org. How about asking them what their experience has > > been, how's the load, how hard is it to manage, how have they dealt > > with the sorts of attacks that people make on public servers. > > If they have that information, of course it would be helpful. > > I can tell you from the perspective of b.root-servers.net what our load > has been like: it's been growing since 2022 or so (and we haven't really > noticed any issues): > > https://ant.isi.edu/~hardaker/tmp/xfr-counts-by-date.png > > https://ant.isi.edu/~hardaker/tmp/xfr-counts-uniq-srcs.png > > https://ant.isi.edu/~hardaker/tmp/xfr-counts-by-ASN.png > > (the horizontal data points is 1 sample day every 3 months since late 2016) > > I'll mention again that the current documents state we should have > multiple protocol transfer options available for implementations and > operators to choose from. This is sort of already case in existing > implementations and we should support those. IMHO, AXFR should > definitely be one choice. But a zonefile-over-HTTPS makes sense to me too. > > -- > Wes Hardaker > Google > > _______________________________________________ > DNSOP mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
