Unapproved AXFR?

[Dave Wreski]

> Anything else, like split DNS, requires more work to set up and has ongoing
> maintenance effort.  You need to have a good reason to do this, to justify
> the work.  But they don't feel the need for strong justification to add an
> "allow-transfer" line to the named.conf, and I hardly blame them.  Unless
> they're deluding themselves into thinking that this is real data
> protection, I see no problem with it.

I had a question about split DNS, actually.  Is there really much
difference between configuring split DNS and creating zones that are not
resolvable from unauthorized domains?  Now that bind8 has allow-query, it
seems less of an advantage...

Thanks,
Dave