sasa sasa wrote: > I'm trying to setup a DNS for an ISP, this ISP's DNS is in delegation > tree (answering world), and I know about cache vulnerabilities so I was > wondering what is the best solution for ISPs? By separating cache from > authorities, you mean implementing 2 DNSs (2 different IPs)? This doesn't > sound practical. > > Thanks, Sa
Why not? Your customers don't need to know about the authoritatives directly; the only addresses they'll require are the caching servers'. I'd bet on small efficiencies to be gained only by mixing the two, but not worth the potential troubles, IMHO. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users