nanog mailing list archives

Re: AW: Odd policy question.

From: Randy Bush <randy () psg com>
Date: Fri, 13 Jan 2006 12:07:11 -1000

it is a best practice to separate authoritative and recursive  
servers.

why?

Because it prevents stale, authoritative data on your nameservers  
being returned to intermediate-mode resolvers in the form of  
apparently authoritative answers, bypassing a valid delegation chain  
from the root.


and thereby hiding the fact that someone has either lame delegated
or i have forgotten to remove an auth zone, both cases i want to
catch.  not a win here.

randy

Current thread:

AW: Odd policy question. John van Oppen (Jan 13)
- Re: AW: Odd policy question. Randy Bush (Jan 13)
  - Re: AW: Odd policy question. Michael Loftis (Jan 13)
    - Re: AW: Odd policy question. Randy Bush (Jan 13)
    - Re: AW: Odd policy question. Steven M. Bellovin (Jan 13)
  - Re: AW: Odd policy question. Joe Abley (Jan 13)
    - Re: AW: Odd policy question. Randy Bush (Jan 13)
    - Re: AW: Odd policy question. Joe Abley (Jan 13)
    - Re: AW: Odd policy question. David W. Hankins (Jan 13)
    - Re: AW: Odd policy question. Randy Bush (Jan 13)
    - Re: AW: Odd policy question. David W. Hankins (Jan 13)
    - Re: AW: Odd policy question. Jeffrey I. Schiller (Jan 13)
    - Re: AW: Odd policy question. Sean Donelan (Jan 13)
    - Re: AW: Odd policy question. Joe Abley (Jan 13)
    - Re: AW: Odd policy question. william(at)elan.net (Jan 13)
    - Re: AW: Odd policy question. Martin Hannigan (Jan 13)
    - Re: AW: Odd policy question. Jeffrey I. Schiller (Jan 14)

(Thread continues...)