nanog mailing list archives
Re: AW: Odd policy question.
From: Randy Bush <randy () psg com>
Date: Fri, 13 Jan 2006 12:07:11 -1000
it is a best practice to separate authoritative and recursive servers.why?Because it prevents stale, authoritative data on your nameservers being returned to intermediate-mode resolvers in the form of apparently authoritative answers, bypassing a valid delegation chain from the root.
and thereby hiding the fact that someone has either lame delegated or i have forgotten to remove an auth zone, both cases i want to catch. not a win here. randy
Current thread:
- AW: Odd policy question. John van Oppen (Jan 13)
- Re: AW: Odd policy question. Randy Bush (Jan 13)
- Re: AW: Odd policy question. Michael Loftis (Jan 13)
- Re: AW: Odd policy question. Randy Bush (Jan 13)
- Re: AW: Odd policy question. Steven M. Bellovin (Jan 13)
- Re: AW: Odd policy question. Joe Abley (Jan 13)
- Re: AW: Odd policy question. Randy Bush (Jan 13)
- Re: AW: Odd policy question. Joe Abley (Jan 13)
- Re: AW: Odd policy question. David W. Hankins (Jan 13)
- Re: AW: Odd policy question. Randy Bush (Jan 13)
- Re: AW: Odd policy question. David W. Hankins (Jan 13)
- Re: AW: Odd policy question. Jeffrey I. Schiller (Jan 13)
- Re: AW: Odd policy question. Sean Donelan (Jan 13)
- Re: AW: Odd policy question. Joe Abley (Jan 13)
- Re: AW: Odd policy question. william(at)elan.net (Jan 13)
- Re: AW: Odd policy question. Martin Hannigan (Jan 13)
- Re: AW: Odd policy question. Jeffrey I. Schiller (Jan 14)
- Re: AW: Odd policy question. Michael Loftis (Jan 13)
- Re: AW: Odd policy question. Randy Bush (Jan 13)