Hello Kevin,
Wed, 13 Aug 2008 17:37:28 -0400 Kevin Darcy wrote: >>> I don't know the answer to this question, but your operational >>> environment seems to be extraordinary in some points: >>> >>> - it's acting both as an authoritative and as a caching server >>> >> To Walter Gould: I think it's time to expand your operational >> environment. Try to distribute the DNS-related tasks over two - or >> more, if required - machines. Let the first server acts as >> auth-only server for the zones you are in control of and the second >> as a cache engine *only*. This configuration seems to be more >> flexible, reliable and also secure. >> > Let's be clear here: there's nothing *inherently* wrong with running > authoritative nameservers and a recursive resolver on the same > machine or even within the same nameserver instance, using views. > > The unusual thing here is that in Walter's case both of these functions > are *high-volume* and combining them in a single instance may be > straining BIND's architectural limits. > > I agree that separating the authoritative nameservice and recursive > resolution services to separate instances or separate machines, would > be the logical next step in addressing this problem. You're quite right here. Nothing to add! -- Yours sincerely, Andrey G. Sergeev (AKA Andris) http://www.andris.name/
