Re: [DNSOP] RFC7720 and AXFR

Wes Hardaker <> Wed, 31 October 2018 22:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id F000D130DD4 for <>; Wed, 31 Oct 2018 15:39:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 7bx97d9GlpYK for <>; Wed, 31 Oct 2018 15:39:03 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id F376D130DF4 for <>; Wed, 31 Oct 2018 15:39:02 -0700 (PDT)
Received: from localhost (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 197DD25AB6; Wed, 31 Oct 2018 15:39:02 -0700 (PDT)
From: Wes Hardaker <>
To: Evan Hunt <>
Cc: "A. Schulze" <>, dnsop <>
References: <> <>
Date: Wed, 31 Oct 2018 15:39:01 -0700
In-Reply-To: <> (Evan Hunt's message of "Sun, 28 Oct 2018 16:44:42 +0000")
Message-ID: <>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <>
Subject: Re: [DNSOP] RFC7720 and AXFR
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 31 Oct 2018 22:39:05 -0000

Evan Hunt <> writes:

> IMHO it would be nice if all 13 letters provided AXFR service, but at a
> minimum we it's important for *some* of them to do so.

Note about a project of mine that offers TSIG protected AXFRs and DNS
notifications, unlike directly AXFRing from random root letters:

I haven't advertised this too widely yet, but there are a number of
people using it already.

Note that it also dumps out configuration for all the root letters that
do support AXFRs (and from which I've gotten their explicit permission
to do so).  The root identifiers supporting AXFR today (some of whom
added it specifically because of wanting to support this project)
include B, C, D, F, G, and K.  Plus ICANN has their AXFR addresses, as
previously mentioned, at and .

Wes Hardaker