I have several recursive, caching BIND servers that were running the
Redhat package of BIND. Our servers started crashing because of a bug
(previously identified AND fixed by ISC) so we've decided to ditch that
version and run from source, 9.9.1-P3. (I'm still not sure why redhat
decided to use the rc1 version of source on which to build their rpm ...
seriously ... the bug that hit us was fixed in rc2 AND the final release)
The current servers are configured to forward any queries for our domain
straight to our authoritative servers:
zone "utexas.org" IN {
type forward;
forwarders {
128.83.185.39;
129.116.136.5;
};
};
I've been reading about the new zone type: static-stub and believe
this may work better for us.
zone "utexas.org" IN {
type static-stub;
server-addresses {
128.83.185.39;
129.116.136.5;
};
};
If I'm correct, it will send non-recursive queries to the listed servers
and will honor delegations. I've tested this configuration in our lab
and it all appears to be working.
With our configuration, are there any downsides to changing from forward
zones to static-stub? Any gotchas I should know about? At this time we
don't have dnssec validation turned on. We tried it and had too many
problems with misconfigured domains not resolving properly so backed out.
Oscar
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
