On 02/07/2016 05:54 PM, Reindl Harald wrote:
why?
(I believe I answered your question in the subsequent paragraph. If not let me know and I'll try again.)
that's not a reason for not list one of them as SOA
None of the slaves are the SOA. (Further, I'm not aware of them having been configured for forward any updates, even if I allowed them, to the real master.) So listing one of them as the SOA would be a lie.
the salve don't need the SOA because it's typically configured to use whatever server as master which allows zone transfers, frankly you can even chain slaves pulling zones from other slaves
I know that slaves don't need (utilize) the SOA. That's not why I have my master listed in the SOA.
I have my master listed in the SOA because 1) it is the actual master and 2) I have no reason to lie and put something else.
My master is not listed as an NS because I don't want general queries going to it. Seeing as how I have five other NS servers, I see no need to list the master.
Yes, I'm aware that you can chain slave servers. (Though I would hope that you have a good reason for doing so. Where "good reason" is more compelling than just to make some validator that doesn't understand my config happy.)
that it's in general a good idea to use validation services and follow them
I'm taking "general" to be the key word. Namely that it applies to a very common configuration. I consider my configuration to be less than common (but not rare). As such, I have no problem with not following this particular suggestion.
the answer is: we are doing that for more than 10 years now
Thank you for your answer. -- Grant. . . . unix || die _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
