Barry has a good point. I've seen cases where folks have added all of the Domain Controller addresses for an AD forest to the NS list for a domain. This results in huge TCP response packets for ALL requests to that domain. Folks don't seem to get the concept of stealth slaves and the associated NOTIFY options to keep things current. (As an alternative to shortening the REFRESH time for a domain)
Best, Bob
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
