If you allow remote servers to query your recursive servers (even if you
only allow RD=0 access to your authoritative zones), then it's very easy
for miscreants to deny service to your users. My resolvers reject TCP
connections from outside our network to avoid this issue, amongst other
techniques.
> On 11 Jun 2019, at 19:40, Jonas Frey wrote:
>
> I do see 3 major benefits to combine/unify these:
> - "saving" IP addresses (depending of how many you run of course[1])
> - less effort managing (not having multiple places for configuration
> thus unifiying [automated] setup)
> - saving ressou
