[DNSOP] RFC7720 and AXFR

"A. Schulze" <sca@andreasschulze.de> Sun, 28 October 2018 12:33 UTC

Return-Path: <sca@andreasschulze.de>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8623A1293FB for <dnsop@ietfa.amsl.com>; Sun, 28 Oct 2018 05:33:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=andreasschulze.de header.b=JBe7ovSb; dkim=pass (2048-bit key) header.d=andreasschulze.de header.b=mMYzwrxc
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m7bajnaM83wP for <dnsop@ietfa.amsl.com>; Sun, 28 Oct 2018 05:33:16 -0700 (PDT)
Received: from mta.somaf.de (mta.somaf.de [IPv6:2001:470:77b3:103::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE569128CE4 for <dnsop@ietf.org>; Sun, 28 Oct 2018 05:33:16 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=andreasschulze.de; i=@andreasschulze.de; q=dns/txt; s=ed25519; t=1540729991; h=to : from : subject : message-id : date : mime-version : content-type : content-transfer-encoding : from : subject : date; bh=0OPlRKULJu+/tUhqL17mvj6I9BY064Cl5e9LKEv6NcI=; b=JBe7ovSb+vUjzcvyr8o0Lrs3xgTZVva7KfCcQyB2gFuT703wNcSU231F 7pkiSNQ94/MCEMS8xmJDebelna1rCA==
To: dnsop <dnsop@ietf.org>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=andreasschulze.de; s=20180930-2EE7; t=1540729991; x=1545729991; bh=0OPlRKULJu+/tUhqL17mvj6I9BY064Cl5e9LKEv6NcI=; h=To:From:Subject:Message-ID:Date:Content-Type:from:reply-to: subject:date:to:cc:content-type:message-id; b=mMYzwrxcQfYvH+GZ29AZ50gwb+6gwRozfjHAWPzXG54a2powN93JPk7mdgxEvBihx FfN+yvn1CZFVIcskdQCGVfePoVcBM0kzNLQkiUx1j5qSp+k6ZTdYUobHoLkr+q5n9S t2DX/dqhfK6BYqWcLz1FEhceud2HeORrpey4p1Xw7hGHhlwp9A4udahEmvZx/vtCnm /z60wCyDIIMZqM2rWDfm37P5wArRyoL4royO3fPpZfSliXzGpYqh+HqaMTF8eTCPF+ dMEJyQzRDMNYhvmaWXqzDKevQK+fI+XFCzaGDrUaZ2vUEoayM2rrtLmIaBpx+s78t3 zZ2GK+OkSrOqw==
From: "A. Schulze" <sca@andreasschulze.de>
Message-ID: <2c00abd8-1c0d-cfee-5a5f-764a90f3f38c@andreasschulze.de>
Date: Sun, 28 Oct 2018 13:32:51 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/1vv1N0TgB-xliVKWqjhlDPyJKfQ>
Subject: [DNSOP] RFC7720 and AXFR
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Oct 2018 12:33:20 -0000

Hello,

RFC 2870 (Root Name Server Operational Requirements) say

	2.7 Root servers SHOULD NOT answer AXFR, or other zone transfer,
            queries from clients other than other root servers.

The update, RFC 7720 (DNS Root Name Service Protocol and Deployment Requirements)
don't even mention AXFR at all.
All I found is https://tools.ietf.org/html/rfc7720#section-2

	o MUST implement core DNS [RFC1035] and clarifications to the DNS [RFC2181].

Is AXFR a strict requirement for root-servers today?

Andreas