On Wed, Nov 09, 2016 at 01:11:16AM +0000, Baird, Josh wrote:
I'm not quite sure why you would have your caching servers forward to
other DNS servers (Google, OpenDNS, etc).  I would enable recursion
on them and would not forward anything.  I would also consider
making these caching servers at each location slave your *internal*
authoritative zones (or views) to override recursion.

On 08.11.16 17:15, Ray Van Dolson wrote:
A couple thoughts on this:

1) The external caches tend to be pretty "close" latency wise and
  presumably have a very large cache to pull from.  My belief is we'd
  probably see lower average response times for queries *not* already
  cached this way....

2) Security folks prefer external access to fewer IPs.  Simpler red
  tape wise I guess.

I don't know how big security it is to rely on an external DNS provider you
don't have a contract with...

shorter path should make better results and forwarding makes the path longer...

if you are going the multi-AD way, simply forward requests from AD to a
few BIND caching servers (slaving your internal zones) that will have access
to the outside.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*
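
A named.conf sketch of the layout suggested in the reply above, added here as an example and not taken from any poster in this thread: a BIND caching server that recurses on its own instead of forwarding, slaves the internal zone, and answers only the AD DNS servers that forward to it. The zone name corp.example, the addresses (documentation ranges), the directory and the file path are assumptions.

```conf
// Constructed example: every name and address below is a placeholder.
acl "ad-dns" {
    192.0.2.10;    // AD DNS servers that forward to this cache (assumed)
    192.0.2.11;
};

options {
    directory "/var/named";                   // assumed working directory
    recursion yes;                            // resolve from the roots; no "forwarders" statement
    allow-query     { ad-dns; localhost; };
    allow-recursion { ad-dns; localhost; };   // keeps the cache from being an open resolver
    dnssec-validation auto;                   // validate answers with the built-in trust anchor
};

// Internal zone slaved locally, so internal names are answered from the
// transferred copy instead of going through recursion.
zone "corp.example" {
    type slave;
    masters { 198.51.100.53; };               // internal authoritative master (assumed)
    file "slaves/corp.example.db";
    allow-transfer { none; };                 // this cache does not hand the zone on
};
```

named-checkconf parses a file like this and reports syntax errors before named is reloaded.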