Barry Margolin wrote:
In article <mailman.834.1256928257.14796.bind-us...@lists.isc.org>,
Kevin Darcy <k...@chrysler.com> wrote:
Chris Thompson wrote:
On Oct 30 2009, Michael Hare wrote:
For those of us that are still running auth and recursive on the same
IP, I believe the benefit would be to deploy a best practices
recursive only nameserver on a different machine/IP address without
getting, in my case, possibly hundreds of thousands of clients to
change their DNS resolver IP address.
Put the authoritative-only nameservers at the new IP addresses, keeping
the recursive ones at the original IP addresses.
Been there, done that!
Well, except then you need to update all of your delegations. That can
not only be an administrative hassle, but can also get very expensive,
especially if you have hundreds of them in ccTLDs, where you have to pay
your "in-country agent" a fee for every registry change. It's quite a
racket.
You don't have to change all the domain registrations. You just have to
change the A records of the nameserver names. Hopefully you haven't
done something silly like use different nameserver names for each domain.
Unfortunately, the reality of the situation is that many folks have taken
http://cr.yp.to/djbdns/notes.html#gluelessness to heart, despite its
obsolescence, and consider all delegations which *don't* point to names
in the specific domain which is being delegated, to be "glueless" and in
some way inferior to "in-bailiwick" delegations.
So the practice of delegating to domain-unique nameserver names, is
rather rampant, and it means many folks would have to update a *lot* of
records, if they changed the address(es) of their authoritative
nameserver(s). It's not a trivial change at all.
- Kevin
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users