Would they be receptive to letting you slave the zone? At least then you’d have
the whole EXPIRE time before the names stopped resolving.
If they’re concerned about security, then the transfers could be locked down by
source IP address, or, if their software supports it, TSIG key.
One of the downsides of slaving, of course, is that changes might take a while
to replicate, unless NOTIFY is set up.
- Kevin
[FCA_Pantone_email]
----------------------------------------------------------------------
Kevin Darcy
NAFTA Information Security Projects
FCA US LLC
1075 W Entrance Dr,
Auburn Hills, MI 48326
USA
Telephone: +1 (248) 838-6601
Mobile: +1 (810) 397-0103
Email: kevin.da...@fcagroup.com
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Ron
Sent: Friday, March 18, 2016 4:46 AM
To: G.W. Haywood
Cc: bind-users@lists.isc.org
Subject: Re: Can bind be configured to not drop RR's from the cache when the
upstream DNS server is unresponsive
On Fri, Mar 18, 2016 at 12:12 AM, G.W. Haywood
<b...@jubileegroup.co.uk<mailto:b...@jubileegroup.co.uk>> wrote:
Hi there,
On Thu, 17 Mar 2016, Ron wrote:
... in this case it's a supplier who is unable to keeps his DNS servers
working, and we just want to keep the connectivity.
I'd just put something in /etc/hosts and send myself an email every
month or so to remind me I'd done that.
This is what we're currently using, but it has the downside of not picking up
ip address changes.
Ron
--
73,
Ged.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org<mailto:bind-users@lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
