At 11:24 AM -0800 2003/02/21, Ed Sawicki wrote:

 Many people are using /28 and /29 nets and some have only a single
 IP address assigned to them by, in some cases, the only ISP in town.
 Yet, they want to take control of their DNS _and_ not be prone to
 attacks such as cache poisoning. Why should they be forced to use
 up two precious or non-existent IP addresses when the limitation
 is really artificial?

In that case, they can run a recursive resolver on 127.0.0.1 and the authoritative server on their officially assigned IP address. Just because they've got only one officially assigned IP address doesn't mean that they can't run both a caching recursive resolver and an authoritative server on the same box.


I still recommend separating the services and running them on separate machines (where possible), but you can run two copies of the nameserver on the same machine, each listening to different IP addresses.

--
Brad Knowles, <[EMAIL PROTECTED]>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
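Added example, not part of the original message: a small check that the split described above is in effect, by sending a query with the recursion-desired bit set and reading the RA flag and RCODE of the reply. The function names, the test name and the 192.0.2.53 address in the comments are assumptions for illustration.

```python
import secrets
import socket
import struct

REFUSED = 5  # DNS RCODE "query refused"

def build_query(name, txid, qtype=1):
    """Encode one IN-class question with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(packet):
    """Decode the fixed 12-byte DNS header into the fields this check needs."""
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {"txid": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "ancount": ancount}

def offers_recursion(packet, txid):
    """True if the reply advertises recursion (RA set) and was not REFUSED."""
    h = parse_header(packet)
    if not h["qr"] or h["txid"] != txid:
        raise ValueError("not a response to our query")
    return h["ra"] and h["rcode"] != REFUSED

def probe(server, name, timeout=2.0):
    """Ask `server` for a name outside its zones and report whether it recurses."""
    txid = secrets.randbelow(1 << 16)  # unpredictable query ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))  # kernel drops replies from any other source
        s.send(build_query(name, txid))
        return offers_recursion(s.recv(4096), txid)

if __name__ == "__main__":
    import sys
    # e.g. python check.py 127.0.0.1 192.0.2.53  (second address is a placeholder)
    for server in sys.argv[1:]:
        print(server, "recursion offered:", probe(server, "example.com"))
```

Run it from an outside host against the officially assigned address, where the result should be False, and on the box itself against 127.0.0.1, where it should be True.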