In article ,
"Darcy Kevin (FCA)" wrote:
> Other than the master server(s), where there is no choice but to be
> authoritative, at one end of the spectrum, and border resolvers, for which
> there is no choice but to be non-authoritative (since it's not practical to
> replicate data for the vas
On Wed, Feb 21, 2018 at 8:18 AM, Tony Finch wrote:
> Evan Hunt wrote:
> >
> > One thing to keep in mind, though, is that the two services will share
> each
> > other's fates. If I were deploying a really big high-traffic server, I
> > might consider whether I wanted my recursive service to have
Evan Hunt wrote:
>
> One thing to keep in mind, though, is that the two services will share each
> other's fates. If I were deploying a really big high-traffic server, I
> might consider whether I wanted my recursive service to have to wait for
> all the zones to load before it could function, or
On Tue, Feb 20, 2018 at 11:41:37PM +, Darcy Kevin (FCA) wrote:
> Call me a contrarian, but I've never really signed onto the conventional
> wisdom that recursive and authoritative roles should never be mixed, even
> as I've transitioned into the InfoSec realm, where, generally speaking,
> we ar
- Kevin
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Mark
Elkins
Sent: Tuesday, February 20, 2018 2:58 AM
To: bind-users@lists.isc.org
Subject: Re: questions on allow-query
Reading between the lines - it so
Reading between the lines - it sounds like you may be mixing nameserver
roles, recursion with authoritative.
This is not a good idea and is why other Nameserver software (NSD,
UNBOUND and others) either perform one role or the other. I understand
that BIND-10 was also designed like this - separate
On Mon, Feb 19, 2018 at 03:51:42PM -0700, @lbutlr wrote:
> If I set
>
> allow-query { 127.0.0.1; [myipblock]; }
>
> Then my DNS doesn't respond to any other servers, right? This would be
> bad for being authoritative. so, should I set that and then set
> allow-query { any; }; in each zone?
>
>
If I set
allow-query { 127.0.0.1; [myipblock]; }
Then my DNS doesn't respond to any other servers, right? This would be bad for
being authoritative. so, should I set that and then set allow-query { any; };
in each zone?
Is that better than simply setting the IPs that are allowed recursion?
8 matches
Mail list logo