On 03/14/2013 03:54 PM, Mark Andrews wrote:
> Please stop using "root servers" when you mean "parent servers". They are *not* the same. The root servers are only parent servers for tld.
You're right, my bad.
> There are authoritative servers and listed authoritative servers. The two sets are usually the same. When properly configured, listed authoritative servers are a subset of authoritative servers. When you have overlapping or disjoint sets there is a configuration error. Now all authoritative servers serve the same zone content modulo zone transfer delay unless one is running a split horizon configuration. One of the usual reasons for running split horizon is to handle RFC 1918 / ULA addresses where the public version of the zone matches the private version of the zone with the RFC 1918 / ULA addresses stripped out. Doing this is straightforward with RFC 103[45] DNS. It is a little more complicated with DNSSEC.
So the bottom line is that unlisted authoritative servers are ok even in the face of DNSSec. That's good news.

Mike