On 3/1/2010 5:44 AM, Stephane Bortzmeyer wrote:
> On Sat, Feb 27, 2010 at 06:51:44PM +0100,
>   Oliver Henriot<oliver.henr...@imag.fr>  wrote
>   a message of 104 lines which said:
>
>> but my computing skills are scarce and I still have a lot to learn.
>
> For instance, that you should always use real names
> <http://dougbarton.us/DNS/bind-users-FAQ.html#RealNames>
>
>> - servers "2", "3" and "4" : slaves for my domain, recursion allowed for
>> all, official resolvers for my clients, same configuration on all 3.
>
> Bad setup: you should really completely separate authoritative and
> recursive services.

I'm not sure those recommendations apply as strongly as they used to. Now we have views and (if the original poster were to upgrade to 9.4.x or higher) fine-grained control over access to cached data.

Also, I'm not sure the authoritative zone mentioned by the original poster is actually being served to the Internet. If it's only internal, that might alter the threat model slightly.

Then again, I'm not sure exactly what you mean by "completely separate". Separate hardware? That might be hard to justify economically (cost versus benefit).

- Kevin


_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
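
The views and cache access controls mentioned in the reply above could look like this in named.conf. This is an added example, not configuration posted in the thread; it assumes BIND 9.4 or later, and the ACL name, networks, master address, file paths and zone name are placeholders.

```conf
// Constructed example for BIND 9.4 or later. Addresses, ACL name, paths and
// zone name are placeholders, not values from the thread.
acl "clients" {
    127.0.0.1;
    192.0.2.0/24;                  // assumed client network
};

options {
    directory "/var/named";
    // Weak form described in the thread (recursion allowed for all):
    //   recursion yes;
    //   allow-recursion { any; };
};

// Local clients: recursion and access to cached data.
view "internal" {
    match-clients     { "clients"; };
    recursion yes;
    allow-recursion   { "clients"; };
    allow-query-cache { "clients"; };

    zone "example.com" {
        type slave;
        masters { 198.51.100.1; };  // assumed master address
        file "slaves/internal.example.com.db";
    };
};

// Everyone else: authoritative answers only, no recursion, no cache access.
view "external" {
    match-clients     { any; };
    recursion no;
    allow-query-cache { none; };

    zone "example.com" {
        type slave;
        masters { 198.51.100.1; };  // assumed master address
        file "slaves/external.example.com.db";
    };
};
```

Once any view is defined, every zone has to live inside a view, and each view needs its own slave file. Running named-checkconf on the file checks the syntax before a reload.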
