AW: Odd policy question.

• Previous message (by thread): AW: Odd policy question.
• Next message (by thread): Odd policy question.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Randy Bush:

>> it is a best practice to separate authoritative and recursive servers.
>
> why?
>
> e.g. a small isp has a hundred auth zones (secondaried far
> away and off-net, of course) and runs cache.  why should
> they separate auth from cache?

Some registrars require that you begin to serve the domain before it's
actually delegated to you.  If you don't run a split setup, it might
happen that you hijack someone else's domain.  For example, some ISPs
already serve .EU domains on their resolvers, although they haven't
been delegated to them yet.  A unified setup also means that customers
can hijack domains (intentionally or not) if your registratry checks
go wrong.  And you don't notice if the delegation goes astray for some
reason.

The upside of a unified setup is that DNS continues to work even if
you're disconnected from the Internet.  It is somewhat easier to
configure.  And you aren't subject to DNS spoofing attacks for your
own domains.

• Previous message (by thread): AW: Odd policy question.
• Next message (by thread): Odd policy question.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]