In message <[email protected]>, Mathew Ian Eis writes: > Howdy Mark, > > Can you please clarify the best practice for this? > > > Recursive servers (honouring RD=1) however can be authoritative for > > zones. > > In this context of "authoritative", do you mean that they can be fully > functional slaves and have a complete copy of the zone information?
Yes. > I would imagine you would still not want such recursive servers to be > truly authoritative (e.g. listed in the NS records for the zones), > correct? Correct. You don't want the listed servers for the zone returning data that is learnt via iterative/recursive lookups and the best way to do that is to not have those servers recurse. > Thanks in advance, > > Mathew Eis > Northern Arizona University > Information Technology Services > [email protected] > (928) 523-2960 > > > > > > > > > -----Original Message----- > From: <[email protected]> on behalf of Mark Andrews > <[email protected]> > Date: Monday, August 10, 2015 at 11:12 AM > To: Gary Carr <[email protected]> > Cc: "[email protected]" <[email protected]> > Subject: Re: separation of authoritative and recursive functions on > internal networks > > > > >Authoritative servers (listed in NS records) shouldn't be recursive. > >This prevents leakage of cache data. This provide consistent > >answers. The server also doesn't have to decide what type of answer > >to give (recursive vs authoritative). Glue doesn't get overridden > >by answers, etc. > > > >Recurive servers (honouring RD=1) however can be authoritative for > >zones. This proves robustness in the presence of link failures. > >Faster than ttl expiry of local zone changes (provided that notify > >messages are sent). > > > >Unfortunately this has become strict seperation lore which really > >wasn't ever the intent. > > > >Mark > >-- > >Mark Andrews, ISC > >1 Seymour St., Dundas Valley, NSW 2117, Australia > >PHONE: +61 2 9871 4742 INTERNET: [email protected] > >_______________________________________________ > >Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > > >bind-users mailing list > >[email protected] > >https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
