Bjørn Mork <bj...@mork.no> wrote:
>
> The reason I ask here first, is because RFC 7706 includes a BIND
> specific configuration example (as well as examples for other recursive
> server software). So before considering changing config or code, I
> wanted to know the background of that example. Was there a real reason
> for the obscure(?) "static-stub" zone type, or was that just an
> arbitrary choice?
The choice between "forward" and "static-stub" depends on whether the
target server offers recursive service or not. If it doesn't, then a BIND
resolver that is forwarding to the server can produce the wrong results,
because it is expecting a fully-resolved answer but doesn't get one.
It's a lot simpler to have a local copy of the root zone without any of
the view trickery, but then the resolver trusts the zone contents without
verifying them.
I think that if you are doing this on a production server, it would be
better to have external scripting to fetch and verify the root zone so you
can be sure you don't have an outage because the transfer got corrupted.
Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode
Rockall, Malin, Hebrides: West or southwest 5 or 6, occasionally 7 except in
Malin. Moderate or rough, occasionally very rough in north Hebrides.
Occasional rain or drizzle. Good, occasionally moderate.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
