Home page logo
/

nanog logo nanog mailing list archives

Re: AW: Odd policy question.
From: Randy Bush <randy () psg com>
Date: Fri, 13 Jan 2006 12:07:11 -1000


it is a best practice to separate authoritative and recursive  
servers.
why?
Because it prevents stale, authoritative data on your nameservers  
being returned to intermediate-mode resolvers in the form of  
apparently authoritative answers, bypassing a valid delegation chain  
from the root.

and thereby hiding the fact that someone has either lame delegated
or i have forgotten to remove an auth zone, both cases i want to
catch.  not a win here.

randy


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]