At Thu, 8 Oct 2009 10:41:20 -0400 (EDT), Paul Wouters <[email protected]> wrote:
Subject: Re: [Unbound-users] NOTIFY implementation to unbound
>
> On Thu, 8 Oct 2009, Marcus Alves Grando wrote:
>
> > The main idea is create one way to recursive server keep all my zones
> > freshly, without update all process or less as possible.
>
> Would using a forward zone address this?
>
> # Forward zones
> # Create entries like below, to make all queries for 'example.com' and
> # 'example.org' go to the given list of servers. These servers have to handle
> # recursion to other nameservers. List zero or more nameservers by hostname
> # or by ipaddress. Use an entry with name "." to forward all queries.
> # forward-zone:
> #     name: "example.com"
> #     forward-addr: 192.0.2.68
> #     forward-addr: 192.0.2...@5355  # forward to port 5355.
>
> The description does not make it clear whether or not the responses are
> always forwarded, or whether they are cached.

I've been wondering the same thing for a long time now. I think based
on my experience with one site where I've set up unbound using
forward-addr they are cached, which would-be/is (IMHO) wrong.
Ultimately though I like the NOTIFY solution best.
Sites converting from BIND will already be using NOTIFY.
The so-called "security" issue for NOTIFY is a bunch of FUD-mongering.
There are several ways to make sure unauthorised NOTIFY messages don't
cause any harm.
--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <[email protected]>
Planix, Inc. <[email protected]> Secrets of the Weird <[email protected]>
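
Two standard checks from RFC 1996 that keep an unauthorised NOTIFY harmless, as an added example (not part of the original message and not Unbound code): ignore NOTIFYs from hosts that are not configured masters for the zone, and treat an accepted one only as a hint to re-check the SOA serial at the configured master, since a UDP source address can be forged. The `MASTERS` table, the function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

MASTERS = {"example.com.": {ipaddress.ip_address("192.0.2.68")}}  # constructed: zone -> masters


def parse_question(msg: bytes):
    """Return (opcode, is_response, qname, qtype) from a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):  # also rejects compression pointers
            raise ValueError("bad label")
        labels.append(msg[pos:pos + n].decode("ascii").lower())
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return (flags >> 11) & 0xF, bool(flags & 0x8000), ".".join(labels) + ".", qtype


def handle_notify(msg: bytes, src: str) -> str:
    """Decide what to do with a NOTIFY; the packet's contents are never trusted."""
    try:
        opcode, is_response, zone, qtype = parse_question(msg)
    except ValueError:  # includes UnicodeDecodeError
        return "drop: malformed"
    if opcode != 4 or is_response or qtype != 6:  # opcode 4 = NOTIFY, type 6 = SOA
        return "drop: not a NOTIFY request"
    if ipaddress.ip_address(src) not in MASTERS.get(zone, set()):
        return "drop: sender is not a configured master for " + zone
    # Hint only: the serial is re-read from the configured master, not the packet.
    return "check SOA serial for " + zone + " at configured master"


def build_notify(zone: str) -> bytes:
    """Constructed sample NOTIFY request: opcode 4, AA set, QTYPE SOA, class IN."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in zone.rstrip(".").split("."))
    return struct.pack("!6H", 0x1234, 0x2400, 1, 0, 0, 0) + qname + b"\0" + struct.pack("!HH", 6, 1)
```

Where the master supports it, a TSIG signature on the NOTIFY adds authentication that does not depend on the source address.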
