-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Quick comments:
Closing down a recursive server is a very good idea. The world thanks you. You might want to consider using TSIG to handle who can AXFR/IXFR your zone. This will mean you don't need to list IP addresses in your allowable transfer list. This also means you can bring up new servers, or have a key you allow people to use to transfer the zone, without worrying if the administrator on the other end changes the IP address. Also realize that for pool.ntp.org to be up, you are requiring that three zones always be up now: ntp.org, ntpns.org, and pool.ntp.org. This is one reason why having a zone just for NS records is bad; it's better to let the DNS servers use whatever domain they are in. With EDNS0, the 512-byte limit is less of an issue, and more than 40% use that DNS feature now. - --Michael Adrian von Bidder wrote: > Hi all, > > Could those with DNS expertise please take a quick look at 193.138.215.60 > (c.ntpns.org or zbasel.fortytwo.ch)? Since I noticed that some random > people where using it as DNS server (outside of pool.ntp.org services), I'm > now denying everything but service for the zones the server is > authoritative for. ... and I just hope there's no mistake. > > I also deny zone transfers for pool.ntp.org now, except for 217.114.97.99 > (this is the only one who is close to one of the official nameservers, and > it's regularly doing zone transfers. 217.114.97.98 is d.ntpns.org.) Zone > transfers should really happen from 216.52.237.236, right? > > cheers > -- vbi > > > > ------------------------------------------------------------------------ > > _______________________________________________ > timekeepers mailing list > [email protected] > https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFGrhfYuzMQWQwZDN0RAihXAJ47571/OgtY0JhOmHXuqAQd+H1BrwCfbs8A haTHh6LXLq88eTGADljmzg4= =jxym -----END PGP SIGNATURE----- _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
