On 2/18/12 12:57 AM, Doug Barton wrote: > > To clarify, almost universally the opposition to the idea centers around > the problems of users who enable this method, and then don't notice if > something changes/breaks, resulting in a stale zone (or zones, depending > on what you choose to slave). I have always acknowledged that this is a > valid concern, just not one that I think overwhelms the virtues of doing > the slaving in the first place. >
Could you elaborate on the "something changes/breaks, admin doesn't notice, results in a stale zone" bit ? I fail to see the circumstances under which that could happen. > The method currently in comments in /etc/namedb/named.conf suggests > servers generously provided by ICANN that are dedicated to allowing AXFR > of various infrastructure zones. (Note, ICANN does not necessarily > endorse the idea of slaving these zones for resolvers, but I do have > their permission to include these servers in our named.conf.) That > alleviates one of the other criticisms of slaving these zones, as it > presents no load on the actual root servers at all. > > So in short, this is an excellent idea, I've been doing it/recommending > it for years, and assuming you have the knowledge/ability to keep your > resolvers up to date (and/or you're tracking our named.conf where I do > it for you) then it's totally safe to do. > Indeed, been deleting the traditional hint file based . zone for a while and using the slaving mechanism for over a year already, works fine enough for us. You have me somewhat worried with the bit about something breaking though, thus the call for details ;) _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
