forwarding to a child zone is different!!
Kevin Darcy
kcd at daimlerchrysler.com
Wed Apr 25 21:41:37 UTC 2001
Brad Knowles wrote:
> At 10:04 PM -0400 4/24/01, Kevin Darcy wrote:
>
> > So am I "clueless" because I'm effectively mixing authoritative
> > with non-authoritative data, recursing some of the time but not always? I
> > don't think so (obviously). I'm just tuning my nameservers to my local usage
> > patterns.
>
> You are certainly risking the propagation of polluted caches,
> which would at the very least be much, much less likely if the
> caching servers were not authoritative for anything.
Huh? I don't follow. You seem to be implying that being authoritative makes cache
pollution more likely. Seems like it should be the other way around, i.e. if you're
authoritative for a zone, then all of that data is of high "credibility" and thus
less subject to poisoning.
> Moreover, the
> method of caching and the TTLs used, etc... should ensure that most
> of those records would stay locally available (at least, those that
> are used) even if the servers in question weren't authoritative.
>
> Therefore, they shouldn't need to be authoritative for the zones
> in question in order to ensure good performance, and if they do, I
> submit that you probably have larger problems you need to solve and
> that trying to "fix" them with your nameserver is an ill-conceived
> band-aid to be applying.
More information about the bind-users
mailing list