Darcy Kevin (FCA) <kevin.da...@fcagroup.com> wrote:
> "Separate authoritative and recursive functions" is really a simplistic
> approach to a complex challenge. I think a better approach is to make
> both the published-authoritative function and the recursive-resolution
> functions robust enough *in*and*of*themselves* so that there is no value
> to an attacker taking down a single node or instance for either
> function. At that point, it doesn't matter whether you mix
> published-authoritative with recursive, or not.
However, you should consider failure scenarios, e.g. loss of external connectivity, or loss of power.

In particular it is a very good idea for your on-site recursive servers to be able to resolve your internal names without needing to iterate from the root, because they can't do that when your external link is down. An easy way to do this is to make your recursive servers authoritative for your internal zones, and this has the added advantage of isolating them from failures in other parts of your DNS infrastructure.

When you are bringing everything up after a power outage, it is very helpful if your recursive servers can come up and start working without anything else being up and working - avoids cyclic dependencies.

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Irish Sea: Southwest 5 or 6, veering northwest 3 or 4. Slight, occasionally moderate at first. Showers, fair later. Good.
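The arrangement Tony describes, as an added example that is not part of the original message: a named.conf fragment for an on-site recursive server that also holds secondary copies of the internal zones, so internal names keep resolving when the external link is down. Zone names, addresses, the network range and file paths are assumptions, and the syntax is BIND 9.16-style (`type secondary` / `primaries`; older releases spell these `type slave` / `masters`).

```conf
// Added example, not from the original message. Names, addresses and
// paths are made up; adjust to the site.
options {
    directory "/var/cache/bind";
    recursion yes;
    // Only the internal network may use this server as a resolver.
    allow-recursion { 10.0.0.0/8; 127.0.0.1; };
    allow-query     { 10.0.0.0/8; 127.0.0.1; };
    // No forwarders: external names are resolved by iterating from the
    // built-in root hints, which only works while the external link is up.
    // Internal names below never depend on that path.
};

// Internal forward zone held locally as a secondary. Queries for
// corp.example are answered from the local copy even when the external
// link is down or the primary has not yet booted after an outage, for as
// long as the zone's SOA expire timer has not run out. Set expire on the
// primary generously (days, not hours) if you rely on this.
zone "corp.example" {
    type secondary;
    primaries { 10.0.0.53; };
    file "secondary/corp.example.db";
    // Keep accepting NOTIFY and transfers only from the real primary.
    allow-notify { 10.0.0.53; };
    allow-transfer { none; };
};

// Reverse zone for the internal range, for the same reason.
zone "0.10.in-addr.arpa" {
    type secondary;
    primaries { 10.0.0.53; };
    file "secondary/0.10.in-addr.arpa.db";
    allow-notify { 10.0.0.53; };
    allow-transfer { none; };
};
```

Check the file with `named-checkconf` before reloading, then verify the failure mode directly: with the external link disconnected, `dig @127.0.0.1 host.corp.example` should still return an authoritative answer while a query for an external name times out or returns SERVFAIL.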