On May 29, 2009, at 11:47 AM, Maria Iano wrote:
> If I should not be sending this to this list please let me know. Please let me know if you think I have this wrong:
> 
> Bare Minimum to be considered a usable DNS server (under limited conditions):
> 
> When a zone is configured locally as a master or slave zone, only hand out data from the local configuration. Do not accept records in that zone into the cache that come from another server. Never hand out data in that zone received from another server.
> 
> Desired Behavior to be considered a good working DNS server:
> 
> In addition to the above:
> 
> When a zone is configured locally as a stub zone, only accept into cache records in that zone from the zone's name servers as configured in the stub zone. Never hand out data from that zone unless it was received from one of the zone's name servers.
> 
> When a zone is configured locally as a forward zone, only accept records in that zone into the cache that come from the servers to which the zone was specified to be forwarded. Never hand out data from that zone unless it was received from one of the forwarders.


That doesn't sound too far off the mark to me, except for the bit about stub zones. The server needs to be able to follow referrals out of that zone, to subzones.

Remember that stub zones and forward zones actually affect the resolver's behavior for domains, not just zones. (A domain = a zone + all delegated subdomains.)

The rules you present are (a) a rule about preferring authoritative data to cached data, and (b) two rules that form part of the basic credibility tests of a resolving name server. More complete and formal versions of the rules for these situations exist in the RFCs.

Chris Buxton
Professional Services
Men & Mice
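The exchange above can be made concrete with a toy model of the cache-credibility rules it describes. The following Python is an added example, not code from this thread or from BIND: it models a resolver that (a) answers a master/slave zone only from local data and never caches remote answers for names in it, (b) believes stub-zone data only from the configured stub servers plus servers reached by following a referral from them into a delegated subzone (the refinement in the reply), and (c) believes forward-zone data only from the forwarders, for the whole domain below the apex. Zone names, addresses and records are constructed sample values; the general bailiwick checks that apply outside any locally configured zone are deliberately not modelled.

```python
# Added example (not from the bind-users thread): a toy resolver cache applying the
# per-zone credibility rules under discussion. All names/addresses are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class ZoneConfig:
    name: str            # zone apex, e.g. "example.com."
    kind: str            # "master", "slave", "stub" or "forward"
    servers: tuple = ()  # stub zone's name servers, or forwarders of a forward zone


def _norm(name: str) -> str:
    """Lower-case and make absolute so suffix matching is label-based."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


class Resolver:
    def __init__(self, zones):
        self.zones = {_norm(z.name): z for z in zones}
        self.local = {}     # (name, rtype) -> rdata loaded from master/slave zone data
        self.cache = {}     # (name, rtype) -> (rdata, source server it came from)
        self.referred = {}  # stub apex -> servers learned by referral from trusted servers

    def closest_zone(self, name):
        """Longest-suffix match: the configured zone (domain) that covers `name`."""
        labels = _norm(name).split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:]) or "."
            if candidate in self.zones:
                return self.zones[candidate]
        return None

    def trusted_sources(self, zone):
        return set(zone.servers) | self.referred.get(_norm(zone.name), set())

    def credible(self, name, source):
        """May data for `name` received from `source` be cached or handed out?"""
        zone = self.closest_zone(name)
        if zone is None:
            return True  # outside any configured zone: ordinary bailiwick rules (not modelled)
        if zone.kind in ("master", "slave"):
            return False  # local authoritative data only; never cache remote answers here
        return source in self.trusted_sources(zone)

    def learn_referral(self, from_server, child_zone, child_servers):
        """A stub domain includes delegated subzones: servers named in a referral
        from an already-trusted server become trusted for that domain too."""
        zone = self.closest_zone(child_zone)
        if zone is None or zone.kind != "stub" or from_server not in self.trusted_sources(zone):
            return False
        self.referred.setdefault(_norm(zone.name), set()).update(child_servers)
        return True

    def accept(self, name, rtype, rdata, source):
        """Cache a record only if its source is credible for that name."""
        if not self.credible(name, source):
            return False
        self.cache[(_norm(name), rtype)] = (rdata, source)
        return True

    def answer(self, name, rtype):
        """Hand out local data for master/slave zones, otherwise only credible cache entries."""
        key = (_norm(name), rtype)
        zone = self.closest_zone(name)
        if zone is not None and zone.kind in ("master", "slave"):
            return self.local.get(key)
        entry = self.cache.get(key)
        if entry and self.credible(name, entry[1]):
            return entry[0]
        return None


def demo():
    """Walk through each rule with constructed zones and addresses."""
    r = Resolver([
        ZoneConfig("corp.example.", "master"),
        ZoneConfig("partner.example.", "stub", ("192.0.2.10",)),
        ZoneConfig("lab.example.", "forward", ("198.51.100.1",)),
    ])
    r.local[("www.corp.example.", "A")] = "10.0.0.5"
    out = {}
    # Rule (a): remote data for a locally authoritative zone is never cached or served.
    out["master_reject"] = r.accept("www.corp.example.", "A", "203.0.113.9", "203.0.113.1")
    out["master_answer"] = r.answer("www.corp.example.", "A")
    # Stub domain: only the configured servers are believed ...
    out["stub_reject"] = r.accept("host.partner.example.", "A", "203.0.113.7", "203.0.113.1")
    out["stub_accept"] = r.accept("host.partner.example.", "A", "192.0.2.20", "192.0.2.10")
    # ... plus servers reached by a referral from them into a delegated subzone.
    out["referral_learned"] = r.learn_referral("192.0.2.10", "sub.partner.example.", ["192.0.2.30"])
    out["subzone_accept"] = r.accept("x.sub.partner.example.", "A", "192.0.2.40", "192.0.2.30")
    out["bogus_referral"] = r.learn_referral("203.0.113.1", "evil.partner.example.", ["203.0.113.2"])
    # Forward domain: only the forwarders, for the apex and everything below it.
    out["forward_accept"] = r.accept("deep.sub.lab.example.", "A", "10.9.9.9", "198.51.100.1")
    out["forward_reject"] = r.accept("deep.sub.lab.example.", "A", "10.9.9.8", "203.0.113.1")
    out["forward_answer"] = r.answer("deep.sub.lab.example.", "A")
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The cache stores the source server alongside each record so that the "never hand out" half of each rule can be re-checked at answer time, independently of the "never accept" half; the longest-suffix match in `closest_zone` is what makes the stub and forward rules apply to the whole domain rather than just the apex zone.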

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
