On 02/18/2012 03:23, Damien Fleuriot wrote:
>
> On 2/18/12 12:57 AM, Doug Barton wrote:
>>
>> To clarify, almost universally the opposition to the idea centers around
>> the problems of users who enable this method, and then don't notice if
>> something changes/breaks, resulting in a stale zone (or zones, depending
>> on what you choose to slave). I have always acknowledged that this is a
>> valid concern, just not one that I think overwhelms the virtues of doing
>> the slaving in the first place.
>>
>
> Could you elaborate on the "something changes/breaks, admin doesn't
> notice, results in a stale zone" bit ?
Most commonly whatever auth. server the user is axfr'ing from suddenly
stops offering that ability.
> I fail to see the circumstances under which that could happen.
I tend to agree, which is why I weight this particular objection pretty
low. If you don't notice failed axfrs, you've already got deeper
problems. :)
To be fair however, there are a lot of people who believe (rightly or
wrongly) that resolving DNS should be a "fire and forget" service. Those
of us who do this for a living know that this was never true, and DNSSEC
makes that even less true. However, if you happen to be one of those
people, this method is not for you.
> Indeed, been deleting the traditional hint file based . zone for a while
> and using the slaving mechanism for over a year already, works fine
> enough for us.
I'm glad to hear that. Makes me feel that my efforts in this area have
been worthwhile.
> You have me somewhat worried with the bit about something breaking
> though, thus the call for details ;)
Understood. You don't seem to be the type of operator who is likely to
run afoul here, FWIW.
Doug
--
It's always a long day; 86400 doesn't fit into a short.
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
