> There are several problems with your idea. First, the configured
> nameservers in resolv.conf are caching servers, not authoritative
> servers. You never configure an auth server to act as a cache. Yes, it
> can be done. No, it's an awful idea and things break horribly.
>
>
Hi Alan,

What breaks if you have caching and auth on the same server? I have been
running my tiny home network this way for years. The local domain is
properly delegated, but if you just want a local domain that's not
necessary.


> Secondly, nothing else on your network can know your auth server is
> authoritative without first being informed so by the delegating server.
> Or in other words, if you own example.com and an auth server for
> example.com is on your network, you have to first go via .com to know
> that. Weird, but that's how it works.
>

AFAIK clients simply request service from whatever's configured in their
/etc/resolv.conf (recursive query). They don't need to know whether the DNS
server is authoritative or not, and they don't need to know anything about
delegation status as they are not performing iterative queries.

As long as all caching servers on your network are also authoritative for
the zone, or have forwarders for that zone to an authoritative server, it
works. Right? BIND doesn't do iteration on zones it's authoritative for - I
just tested with a dummy domain.
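
The header flags behind the exchange discussed in this thread, shown as an added example that is not part of either poster's message: a stub resolver sends a query with RD (recursion desired) set, and the AA bit in the reply shows whether the server answered from its own zone data or from its cache. The name `host.home.example`, the address 192.0.2.10 and both reply messages are constructed samples.

```python
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    """Build what a stub resolver sends: one question, RD set, nothing else."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(message):
    """Return the header fields that show how the server answered."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    return {
        "id": txid,
        "response": bool(flags & QR),
        "authoritative": bool(flags & AA),
        "recursion_desired": bool(flags & RD),
        "recursion_available": bool(flags & RA),
        "rcode": flags & 0x000F,
        "answers": an,
    }

def answered_from_own_zone(message):
    """True when a successful answer carries AA, i.e. it came from zone data."""
    h = parse_header(message)
    return h["response"] and h["authoritative"] and h["rcode"] == 0 and h["answers"] > 0

# Constructed samples (not captured traffic): one A record, name compressed
# as a pointer to offset 12, TTL 3600, address 192.0.2.10.
query = build_query("host.home.example")
answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 10])
# Combined cache/auth server answering for a name in its own zone: AA set.
local_reply = struct.pack("!HHHHHH", 0x1234, QR | AA | RD | RA, 1, 1, 0, 0) + query[12:] + answer
# The same server answering an outside name from its cache: AA clear.
cached_reply = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0) + query[12:] + answer

if __name__ == "__main__":
    print(parse_header(query))
    print(answered_from_own_zone(local_reply), answered_from_own_zone(cached_reply))
```
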
