Changing it to work by AXFR/IXFR would be quite a challenge.
On ICANN’s side, what more would it require than standing up a name server and sharing TSIG keys? If DNS UPDATE were also implemented, it would address the timeliness issue (if the registries were willing to play along).
Due to the three month expiry, I doubt that any two clients have access to the same set of zones, which would make ACL management pretty exciting, particularly since I believe the credentials are stored in some SSO thing from Okta. There's over a thousand zones and there's certainly over a thousand users, so we're talking about ACLs with more than a million entries. Also, based on some of the chatter here, I suspect that many of the users do not have the expertise to run a secondary DNS server and manage TSIGs. A lot of CZDS users log into a web site and point and click to download files.
Of course, CZDS users would likely need to change their code. However, this wouldn’t have to be either/or — both could be done, with the benefit of using IXFR being only getting the diffs (and, potentially, better timeliness).
Viktor and I can do whatever we need to, but I don't think that scales. The automatic scripted stuff is somewhat documented for the daily downloads, and not at all for all the other stuff like extensions and renewals.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly