https://tools.ietf.org/html/rfc5936
DNS Zone Transfer Protocol (AXFR)
https://tools.ietf.org/html/rfc5936#page-15
- Zone Contents
occluded names: "to close up or block off"
QNAME the name of the zone requested
2.2. AXFR Response
An AXFR response that is transferring the zone's contents will consist of a series (which could be a series of length 1) of DNS messages.
In such a series, the first message MUST begin with the SOA resource record of the zone, and the last message MUST conclude with the same SOA resource record. Intermediate messages MUST NOT contain the SOA resource record.
From this, too, it is clear that a transfer can contain only a single zone.
3. Zone Contents
3.1. Records to Include
3.2. Delegation Records
3.3. Glue Records ?? Inconsistent glue records are an operational matter.
3.5. Occluded Names
6. Zone Integrity
if any error is detected, this data set MUST be deleted, and the AXFR client MUST continue to serve the previous version of the zone, if it did before.
Ensuring that an AXFR client does not accept a forged copy of a zone is important to the security of a zone. If a zone operator has the opportunity, protection can be afforded via dedicated links, physical or virtual via a VPN among the authoritative servers. But there are instances in which zone operators have no choice but to run AXFR sessions over the global public Internet.
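The SOA framing rule quoted under 2.2 and the keep-the-previous-version rule quoted under 6 can be checked together on the client side. The following is an added example, not code from the RFC or from any DNS implementation; the `RR` tuple, the class and function names, the sample records, and the choice to reject a series of fewer than two records are assumptions of this sketch.

```python
from typing import NamedTuple

class RR(NamedTuple):
    name: str
    rtype: str
    rdata: str

class AXFRError(Exception):
    """The message series violates the section 2.2 framing rules."""

def assemble_axfr(zone, messages):
    """Check SOA framing of a series of messages (each a list of RR) and
    return the zone's records with the closing SOA dropped."""
    records = [rr for msg in messages for rr in msg]
    if len(records) < 2:  # assumption: need an opening and a closing SOA
        raise AXFRError("series too short to carry opening and closing SOA")
    first, last = records[0], records[-1]
    if first.rtype != "SOA" or first.name.lower() != zone.lower():
        raise AXFRError("first message does not begin with the zone's SOA")
    if last != first:
        raise AXFRError("last message does not conclude with the same SOA")
    if any(rr.rtype == "SOA" for rr in records[1:-1]):
        raise AXFRError("SOA found between the opening and closing SOA")
    return records[:-1]

class SecondaryZone:
    """Section 6 rule: on any error drop the new data, keep the old zone."""
    def __init__(self, zone, serving=None):
        self.zone = zone
        self.serving = serving      # previous version of the zone, if any

    def transfer(self, messages):
        try:
            staged = assemble_axfr(self.zone, messages)
        except AXFRError:
            return False            # staged data dropped; old version kept
        self.serving = staged       # replace in one assignment
        return True

# Constructed sample data (not a real zone).
SOA1 = RR("example.test.", "SOA", "ns1.example.test. admin.example.test. 1")
SOA2 = RR("example.test.", "SOA", "ns1.example.test. admin.example.test. 2")
NS = RR("example.test.", "NS", "ns1.example.test.")
A = RR("ns1.example.test.", "A", "192.0.2.53")
GOOD = [[SOA2, NS], [A], [SOA2]]
MISMATCHED_TAIL = [[SOA2, NS], [A], [SOA1]]      # closing SOA differs
SOA_IN_MIDDLE = [[SOA2, NS], [SOA2, A], [SOA2]]  # SOA in an intermediate message
```

These checks only catch a malformed or truncated series; they do not authenticate the sender, which is the separate concern raised in the last paragraph of the notes.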