I think the one big drawback for me is the loss visibility and control for the
root operators. As an example, DITL, what value will that have if only subset
of queries make it to root servers? Will DNS-OARC have to collect logs from all
these loopback authoritative slave recursive?
-1 for
The question at the end of this post was a serious one, FWIW.
On 11/17/14 3:39 PM, Doug Barton wrote:
On 11/17/14 2:50 PM, Evan Hunt wrote:
On Mon, Nov 17, 2014 at 02:16:22PM -0800, Doug Barton wrote:
That seems like something that should be fixable in BIND, yes? (And
thanks for doing that
I agree: the validate everything knob seems like a win/win.
I would also like the option of verifying a DNSSEC domain when I do a zone
transfer, because that might be more efficient.
--
Bob Harold
University of Michigan
On 11/17/14 3:39 PM, Doug Barton wrote:
On 11/17/14 2:50 PM, Evan Hunt
On Nov 20, 2014, at 9:19 AM, Doug Barton do...@dougbarton.us wrote:
The question at the end of this post was a serious one, FWIW.
If I understand it correctly, the question is a feature request for
BIND/NSD/whatnot, not an issue with the draft, correct? That is, I think you
are asking for your
On 11/20/14 9:34 AM, Paul Hoffman wrote:
On Nov 20, 2014, at 9:19 AM, Doug Barton do...@dougbarton.us wrote:
The question at the end of this post was a serious one, FWIW.
If I understand it correctly, the question is a feature request for
BIND/NSD/whatnot, not an issue with the draft,
I can see where validate on zone transfer would be a feature request.
And validate everything similarly.
For the draft, could a small paragraph be added explaining the difference
between using a separate view for the root zone and just loading it in the
same view, so that people like me realize
On Nov 20, 2014, at 10:20 AM, Bob Harold rharo...@umich.edu wrote:
I can see where validate on zone transfer would be a feature request. And
validate everything similarly.
For the draft, could a small paragraph be added explaining the difference
between using a separate view for the root
Jacques,
On Nov 20, 2014, at 9:11 AM, Jacques Latour jacques.lat...@cira.ca wrote:
I think the one big drawback for me is the loss visibility and control for
the root operators.
Lack of comprehensive statistics would indeed be an issue (I'm not going to
comment on the control bit of your
Thanks Paul,
I use BIND, but am not an expert. Based on the discussion I will
suggest some words and the experts can correct me:
Note: By using a separate view, the recursive view will do DNSSEC
validation on the responses it receives from the root view, which is
necessary for security. It
What about something like this:
When using BIND, or other software that can act as both a recursive and
authoritative server in the same instance, there is a tradeoff between
using a separate view (or separate instance) for slaving the root zone,
versus slaving the zone into the same view (or
On Thu, Nov 20, 2014 at 11:13:42AM -0800, Doug Barton wrote:
Slaving the zone into the same view/instance as the recursion has the
advantage that when changes happen to the data in the zone the recursive
view/instance will be updated as soon as it receives its copy of the
zone. When using a
On 11/20/14 11:27 AM, Evan Hunt wrote:
On Thu, Nov 20, 2014 at 11:13:42AM -0800, Doug Barton wrote:
Slaving the zone into the same view/instance as the recursion has the
advantage that when changes happen to the data in the zone the recursive
view/instance will be updated as soon as it receives
12 matches
Mail list logo