>>> it is a best practice to separate authoritative and recursive >>> servers. >> why? > Because it prevents stale, authoritative data on your nameservers > being returned to intermediate-mode resolvers in the form of > apparently authoritative answers, bypassing a valid delegation chain > from the root.
and thereby hiding the fact that someone has either lame delegated or i have forgotten to remove an auth zone, both cases i want to catch. not a win here. randy
