On Fri, 26 Oct 2018 09:46:39 -0600 Grant Taylor via bind-users <bind-users@lists.isc.org> wrote:
> On 10/26/2018 01:08 AM, N6Ghost wrote: > > maybe its just old habits, > > Fair enough. I know that I have plenty of my own old (¿bad?) habits > too. > > > i think its a bad idea to build your infrastructure in a way the > > needs forward zones to work. not when you can build it with proper > > delegation. > > > i just think when building namespaces proper delegation should be > > used and forward zones should be avoided if you can. > > Ah. > > I see forward zones, and slaving, as tools to help enable restricted > environments work. Specifically where there is proper delegation as > seen by the larger organization and / or the Internet. I've had a > few departments where they were not allowed to access anything > outside their network. So their local DNS server (running on a > multihomed bastion) would slave or forward zones from the larger > organizational namespace. The limitation was imposed by the small > department, not an issue with the overall namespace. > > > i agree with this, forward is a use it you must, avoid if you can. but valable tool for all sorts of wacky use cases. but if your planning out critical namespaces... you should not PLAN on forward zones. unless you have to. thats just a micky mouse way of doing it. your just assuming to much with forward zones. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users