AW: Odd policy question.

• Previous message (by thread): AW: Odd policy question.
• Next message (by thread): AW: Odd policy question.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--On January 13, 2006 10:09:51 AM -1000 Randy Bush <randy at psg.com> wrote:

>
>> it is a best practice to separate authoritative and recursive servers.
>
> why?

Cache poisoning (though this is less likely with more modern bind's and 
other resolvers) and the age old your view is NOT the same as the world 
view.  IE if you've got a customer who has offsite DNS, but hasn't told 
you, and you've got authoritative records for his zone, you might be 
delivering mail locally, or to the wrong place, and it can take a long time 
to figure this out.

>
> e.g. a small isp has a hundred auth zones (secondaried far
> away and off-net, of course) and runs cache.  why should
> they separate auth from cache?
>
> randy
>
>



--
"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler

• Previous message (by thread): AW: Odd policy question.
• Next message (by thread): AW: Odd policy question.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]