Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: AW: Odd policy question.

  • From: Michael Loftis
  • Date: Fri Jan 13 15:26:50 2006



--On January 13, 2006 10:09:51 AM -1000 Randy Bush <randy@psg.com> wrote:


it is a best practice to separate authoritative and recursive servers.
why?
Cache poisoning (though this is less likely with more modern bind's and other resolvers) and the age old your view is NOT the same as the world view. IE if you've got a customer who has offsite DNS, but hasn't told you, and you've got authoritative records for his zone, you might be delivering mail locally, or to the wrong place, and it can take a long time to figure this out.

e.g. a small isp has a hundred auth zones (secondaried far
away and off-net, of course) and runs cache.  why should
they separate auth from cache?

randy




--
"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.