On 04/01/2022 03:52, Grant Taylor via bind-users wrote:
> If I'm allowing recursion and authoritative on the same server, I'd have
> the recursive + authoritative server do secondary zone transfers off of
> the internal MS-DNS / AD server. That way the clients can get the info
> off of the first server they talk to.
>
> To me, the secondary copy of the zone is a form of authoritative
> information on the otherwise recursive server.

Better yet, use BIND's mirror zones feature so that the zone is also
DNSSEC validated.

IMHO, the strictures against running authoritative and recursive on the
same server seem to get mis-applied a lot of the time. I think it's
perfectly fine for an *internal* recursive server to also hold
authoritative copies of your own zones.

Ray
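
The two setups discussed in this message, as an added named.conf sketch that is not part of the original post or of any ISC example. It assumes BIND 9.16 or later keyword names; the zone name, addresses, file paths and key material are placeholders, and the mirror variant assumes the internal zone is DNSSEC-signed with its key configured as a trust anchor.

```conf
// Added example: internal recursive resolver that also holds a local copy
// of an internal zone. All names, addresses and keys are placeholders.

options {
    recursion yes;
    allow-recursion { 10.0.0.0/8; };   // assumed internal client range only
    dnssec-validation auto;
};

// Variant 1: plain secondary copy transferred from the AD DNS server.
// Served as authoritative data; the transferred contents are not
// DNSSEC-validated.
//
// zone "corp.example" {
//     type secondary;
//     primaries { 10.0.0.10; };       // assumed internal MS-DNS / AD server
//     file "secondary/corp.example.db";
// };

// Variant 2: mirror zone. The transferred zone is DNSSEC-validated before
// it is used, so the resolver needs a trust anchor for it.
trust-anchors {
    corp.example. static-key 257 3 13 "PLACEHOLDER-BASE64-PUBLIC-KEY";
};

zone "corp.example" {
    type mirror;
    primaries { 10.0.0.10; };          // assumed internal MS-DNS / AD server
    file "mirror/corp.example.db";
};
```

Only one of the two zone statements can be active for a given zone name; `named-checkconf` will flag syntax errors before a reload.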