nanog mailing list archives
Re: AW: Odd policy question.
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 14 Jan 2006 10:45:12 +0100
* Randy Bush:
it is a best practice to separate authoritative and recursive servers.

why? e.g. a small isp has a hundred auth zones (secondaried far away and off-net, of course) and runs cache. why should they separate auth from cache?
Some registrars require that you begin to serve the domain before it's actually delegated to you. If you don't run a split setup, it might happen that you hijack someone else's domain. For example, some ISPs already serve .EU domains on their resolvers, although they haven't been delegated to them yet.

A unified setup also means that customers can hijack domains (intentionally or not) if your registry checks go wrong. And you don't notice if the delegation goes astray for some reason.

The upside of a unified setup is that DNS continues to work even if you're disconnected from the Internet. It is somewhat easier to configure. And you aren't subject to DNS spoofing attacks for your own domains.
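The failure modes named in this message (a zone served before it is delegated, or a delegation that has gone elsewhere without anyone noticing) can be caught on a unified server by comparing the locally loaded zones with the NS set the parent publishes. The following is an added example, not part of the original post; the function name, status labels and sample zones are hypothetical, and the parent NS data is constructed inline rather than queried.

```python
"""Audit zones loaded on a combined auth+cache server against their delegation."""


def norm(name):
    # DNS names are case-insensitive; compare without the trailing dot.
    return name.rstrip(".").lower()


def audit_zones(local_zones, our_servers, parent_ns):
    """Return {zone: status} for every locally served zone.

    local_zones: zone names this server answers authoritatively
    our_servers: names of our authoritative servers (incl. off-net secondaries)
    parent_ns:   zone -> NS names published by the parent zone
                 (missing or empty entry means no delegation exists)
    """
    ours = {norm(s) for s in our_servers}
    parents = {norm(z): ns for z, ns in parent_ns.items()}
    report = {}
    for zone in local_zones:
        delegated = {norm(n) for n in parents.get(norm(zone), [])}
        if not delegated:
            status = "undelegated"   # served before the registry delegated it
        elif delegated <= ours:
            status = "ok"            # every published NS is one of ours
        elif delegated & ours:
            status = "partial"       # some published NS are not ours
        else:
            status = "hijack-risk"   # delegated elsewhere; cache users see our copy
        report[norm(zone)] = status
    return report


# Constructed sample data (hypothetical names under the reserved .example TLD).
OUR_SERVERS = ["ns1.isp.example", "ns2.offnet.example"]
LOCAL_ZONES = ["alpha.example", "Beta.example.", "gamma.example", "delta.example"]
PARENT_NS = {
    "alpha.example": ["NS1.isp.example.", "ns2.offnet.example."],
    "beta.example": ["ns1.isp.example.", "ns.other.example."],
    "gamma.example": ["ns1.elsewhere.example.", "ns2.elsewhere.example."],
    # delta.example has no delegation in the parent at all
}

if __name__ == "__main__":
    for zone, status in audit_zones(LOCAL_ZONES, OUR_SERVERS, PARENT_NS).items():
        print(f"{zone:16} {status}")
```

In practice the `parent_ns` mapping would be filled from non-recursive queries sent to the parent zone's servers, not from the local cache, since the local cache is exactly what a unified setup overrides.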
