On Tue, 7 Mar 2000, Chris Wagner wrote:
> At 02:20 AM 3/7/00 -0800, t s a d i wrote: > >is, is it OK if the DNS server registered on InterNic as authoricative > >is not a master but just a slave w/c depends on its data from an > >external/different DNS server ? > > As long as the servers listed by InterNIC give out correct DNS info, it > shouldn't matter. You might have some strange behaviour if something wants > an authoritative answer but I doubt it. > You have some mistaken opinion about DNS authority. A slave DNS server is an authoritative DNS server. Only cached DNS data is not an authoritative source of information. IMHO best security for DNS services is to get their data from an unpublished third DNS server, and publish two slave servers for the registrar. This way neither of the DNS servers can be bombarded with false update requests forged to come from the master since the master should be unknown for outsiders. This way the slave DNS data cannot be poisoned. Robert Varga
