AW: Odd policy question.
Randy Bush
randy at psg.com
Fri Jan 13 22:07:11 UTC 2006
>>> it is a best practice to separate authoritative and recursive
>>> servers.
>> why?
> Because it prevents stale, authoritative data on your nameservers
> being returned to intermediate-mode resolvers in the form of
> apparently authoritative answers, bypassing a valid delegation chain
> from the root.
and thereby hiding the fact that someone has either lame delegated
or i have forgotten to remove an auth zone, both cases i want to
catch. not a win here.
randy
More information about the NANOG
mailing list