In message <[email protected]>, Michael Thomas writes:
> On 03/14/2013 03:27 PM, Mark Andrews wrote:
> >
> > You are missing the point.  BIND+DHCPD can do all the above too.
> > It is the scenario described as CER hosting above.  I've been running
> > that at home with BIND+DHCPD since before dnsmasq existed.
> >
> > What BIND, dnsmasq or any other server can't do is multi-master; there
> > is no specification on how to do it.  DNSEXT punted this work over
> > a decade ago.
> >
>
> I was pretty sure this scenario was really a configuration thing that
> didn't require any further protocol work, but I'm still sort of bugged by
> my CER answering authoritatively when it's not an authoritative server
> according to the root servers. Is that legitimate? Would that cause issues
> with, say, DNSSec? The CER is essentially spoofing my domain when you
> come right down to it, even if that's what I want it to do.

Please stop using "root servers" when you mean "parent servers".
They are *not* the same.  The root servers are only parent servers
for TLDs.

There are authoritative servers and listed authoritative servers.
The two sets are usually the same.  When properly configured, listed
authoritative servers are a subset of authoritative servers.  When
you have overlapping or disjoint sets there is a configuration
error.

Now all authoritative servers serve the same zone content modulo
zone transfer delay unless one is running a split horizon configuration.
One of the usual reasons for running split horizon is to handle RFC
1918 / ULA addresses where the public version of the zone matches
the private version of the zone with the RFC 1918 / ULA addresses
stripped out.  Doing this is straightforward with RFC 103[45] DNS.
It is a little more complicated with DNSSEC.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [email protected]
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
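
The split-horizon rule described in the message above (public zone = private zone with the RFC 1918 / ULA addresses stripped out) can be checked mechanically. The following is an added example, not part of the original thread: the function names, the one-record-per-line zone format, and the example.net records are all constructed assumptions.

```python
import ipaddress

# Ranges named in the message: RFC 1918 (IPv4) and ULA (IPv6, fc00::/7).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample views; assumed format is "name ttl class type rdata".
PRIVATE_ZONE = """
example.net.     3600 IN NS   ns1.example.net.
ns1.example.net. 3600 IN A    192.0.2.53
www.example.net. 300  IN A    192.0.2.10
www.example.net. 300  IN AAAA 2001:db8::10
nas.example.net. 300  IN A    192.168.1.20
nas.example.net. 300  IN AAAA fd00:1::20
"""
PUBLIC_ZONE = """
example.net.     3600 IN NS   ns1.example.net.
ns1.example.net. 3600 IN A    192.0.2.53
www.example.net. 300  IN A    192.0.2.10
nas.example.net. 300  IN A    192.168.1.20  ; constructed mistake
"""

def parse_records(zone_text):
    """Parse the simplified zone text into a set of record tuples."""
    records = set()
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blanks
        if line:
            name, ttl, rclass, rtype, rdata = line.split(None, 4)
            records.add((name.lower(), int(ttl), rclass.upper(), rtype.upper(), rdata))
    return records

def is_private_address(record):
    """True for A/AAAA records pointing into RFC 1918 or ULA space."""
    if record[3] not in ("A", "AAAA"):
        return False
    addr = ipaddress.ip_address(record[4])
    return any(addr.version == n.version and addr in n for n in PRIVATE_NETS)

def public_view(private_records):
    """The public view: the private view with private addresses stripped."""
    return {r for r in private_records if not is_private_address(r)}

def audit_views(private_text, public_text):
    """Report where the public view departs from 'private minus private addresses'."""
    public = parse_records(public_text)
    expected = public_view(parse_records(private_text))
    return {"leaked": sorted(r for r in public if is_private_address(r)),
            "missing": sorted(expected - public),
            "extra": sorted(r for r in public - expected if not is_private_address(r))}
```

Running audit_views(PRIVATE_ZONE, PUBLIC_ZONE) on the constructed data reports the leaked 192.168.1.20 record and the AAAA record that was dropped from the public view.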
