On 24.06.11 13:39, David Coulthart wrote:
> Currently the two recursive caching nameservers for clients on our
> network are also authoritative for a few zones. In particular, they
> are authoritative for:
> 1) our main forward zone (columbia.edu) in order to provide an
> internal view of the zone
> 2) RFC 1918 reverse zones (e.g., 10.in-addr.arpa)
Then they do exactly what internal nameservers are supposed to do.
> I would like to follow best practices by separating authoritative &
> recursive functionality.
The practice comes out of the need to provide correct DNS data in case
you have configured a zone that is no longer delegated to your server
and is obsolete.
This practice appears not to apply for your company's main domain,
unless you lose it and someone else claims it.
Especially if it's your internal version.
Therefore, I see no need for you to configure a new server for those
zones, you seem to have exactly what you need.
> Also, when I sign these zones, I would like the recursive nameservers
> to respond with the AD bit set instead of AA.
I don't see any reason why you should sign the internal and rfc1918
(and probably rfc5735) zones. What is the point of wanting this?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler