Hi, On Tue, Jun 11, 2019 at 07:52:18PM +0200, Jonas Frey wrote: > If cache poising is beeing taken care of (be it via DNSSEC or else) > what other reasons are there to not combine both?
Well, the reason we separated these functions (like some 20 years ago)
was "provisioning of customer domains that are not delegated to us at
the corresponding TLD servers".
So, asking our recursives would give *different* answers than "the
formally correct one" if they also hold authoritative zones which
have not yet been delegated to us (or have been moved away from us,
and updated at their new ISP, while our zones have not yet been deleted
and still serve the old values).
The time window might be small, but serving wrong answers was not
acceptable for us.
OTOH, while not the original reason, we're quite happy with the decision
to split the function, because now we can mix and match DNS software
according to their strenghts - recursive runs unbound and pdns_recursor,
authoritative runs bind and knot. And possibly nsd one day. Without
having to consider "will this nice authoritative DNS software package
do recursive as well?"...
Can you explain why it would be desirable to *have* these unified?
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
signature.asc
Description: PGP signature
