Spain was offline

Keith Mitchell keith at
Fri Sep 1 22:34:50 UTC 2006

Joe Abley wrote:

>> Well, let's rephrase that. Anyone can't get a TLD zone?
> While there are many smaller TLD zones that don't get updated very often
> and which have wide-open AXFR to all and sundry, I'm betting that the
> majority of zones that people on this list care about either update
> sufficiently rapidly that zone synchronisation is non-trivial, or have
> zone transfer restrictions in place, or both.

It has been some years since I had to worry about these issues wearing a
Nominet hat, but I would say that for majority of well-managed TLD
operators, data mining is a very serious concern. There have various
incidents in the past where squatters, scammers or spammers have made
strenuous efforts to reverse-engineer registry data for their own ends.
Sometimes even significant technical prevention is not enough, and legal
remedy is also required.

Restricting AXFRs is only the most entry-level counter-measure against
such abuses. My understanding is that best TLD registry practice is to
only allow AXFRs to boxes which are either under control of or contract
to the registry, or at the very least to a 3rd parties with whom a
restricted redistribution agreement is in place.


More information about the NANOG mailing list