In message <23f8b4f8-b0ea-436d-a700-87ac63248...@nau.edu>, Mathew Ian Eis writes: > Howdy Mark, > > Can you please clarify the best practice for this? > > > Recursive servers (honouring RD=1) however can be authoritative for > > zones. > > In this context of "authoritative", do you mean that they can be fully > functional slaves and have a complete copy of the zone information?
Yes. > I would imagine you would still not want such recursive servers to be > truly authoritative (e.g. listed in the NS records for the zones), > correct? Correct. You don't want the listed servers for the zone returning data that is learnt via iterative/recursive lookups and the best way to do that is to not have those servers recurse. > Thanks in advance, > > Mathew Eis > Northern Arizona University > Information Technology Services > mathew....@nau.edu > (928) 523-2960 > > > > > > > > > -----Original Message----- > From: <bind-users-boun...@lists.isc.org> on behalf of Mark Andrews > <ma...@isc.org> > Date: Monday, August 10, 2015 at 11:12 AM > To: Gary Carr <garycarr...@gmail.com> > Cc: "bind-us...@isc.org" <bind-us...@isc.org> > Subject: Re: separation of authoritative and recursive functions on > internal networks > > > > >Authoritative servers (listed in NS records) shouldn't be recursive. > >This prevents leakage of cache data. This provide consistent > >answers. The server also doesn't have to decide what type of answer > >to give (recursive vs authoritative). Glue doesn't get overridden > >by answers, etc. > > > >Recurive servers (honouring RD=1) however can be authoritative for > >zones. This proves robustness in the presence of link failures. > >Faster than ttl expiry of local zone changes (provided that notify > >messages are sent). > > > >Unfortunately this has become strict seperation lore which really > >wasn't ever the intent. > > > >Mark > >-- > >Mark Andrews, ISC > >1 Seymour St., Dundas Valley, NSW 2117, Australia > >PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org > >_______________________________________________ > >Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > > >bind-users mailing list > >bind-users@lists.isc.org > >https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
