Re: [DNSOP] RFC7720 and AXFR

Paul Vixie <> Sun, 28 October 2018 17:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5582B127332 for <>; Sun, 28 Oct 2018 10:14:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Weoqf9P2Q7Wn for <>; Sun, 28 Oct 2018 10:14:56 -0700 (PDT)
Received: from ( [IPv6:2001:559:8000:cd::5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E89F1124D68 for <>; Sun, 28 Oct 2018 10:14:56 -0700 (PDT)
Received: from [IPv6:2001:559:8000:c9:a113:6eac:622e:d025] (unknown [IPv6:2001:559:8000:c9:a113:6eac:622e:d025]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by (Postfix) with ESMTPSA id B79B7892C6; Sun, 28 Oct 2018 17:14:56 +0000 (UTC)
Message-ID: <>
Date: Sun, 28 Oct 2018 10:14:58 -0700
From: Paul Vixie <>
User-Agent: Postbox 5.0.25 (Windows/20180328)
MIME-Version: 1.0
To: Evan Hunt <>
CC: "A. Schulze" <>, dnsop <>
References: <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [DNSOP] RFC7720 and AXFR
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 28 Oct 2018 17:14:59 -0000

Evan Hunt wrote:
> I've been assured by ISC folks that we'll always serve AXFR on F, but I
> don't know if that commitment is in writing, nor whether the other roots
> that currently support it have made any promises to keep doing so.
> IMHO it would be nice if all 13 letters provided AXFR service, but at a
> minimum we it's important for *some* of them to do so.

while i agree with you (and i'm the one who set F's policy, back in the 
day), it's important to recognize achievements and advances where they 
have occurred. ICANN has "put something in writing" as you say:

while RFC 7706 is terrible engineering and the IETF should be ashamed of 
publishing it, i think the least we can do is acknowledge that ICANN 
operates (and promises to continue operating) AXFR servers for the root 
zone. see again URL above. there is no need to make production AXFR 
queries for the root zone from "real" root servers any more.

P Vixie