forwarding to a child zone is different!!

Kevin Darcy kcd at daimlerchrysler.com
Wed Apr 25 21:41:37 UTC 2001


Brad Knowles wrote:

> At 10:04 PM -0400 4/24/01, Kevin Darcy wrote:
>
> >             So am I "clueless" because I'm effectively mixing authoritative
> >  with non-authoritative data, recursing some of the time but not always? I
> >  don't think so (obviously). I'm just tuning my nameservers to my local usage
> >  patterns.
>
>         You are certainly risking the propagation of polluted caches,
> which would at the very least be much, much less likely if the
> caching servers were not authoritative for anything.

Huh? I don't follow. You seem to be implying that being authoritative makes cache
pollution more likely. Seems like it should be the other way around, i.e. if you're
authoritative for a zone, then all of that data is of high "credibility" and thus
less subject to poisoning.

> Moreover, the
> method of caching and the TTLs used, etc... should ensure that most
> of those records would stay locally available (at least, those that
> are used) even if the servers in question weren't authoritative.
>
>         Therefore, they shouldn't need to be authoritative for the zones
> in question in order to ensure good performance, and if they do, I
> submit that you probably have larger problems you need to solve and
> that trying to "fix" them with your nameserver is an ill-conceived
> band-aid to be applying.
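
The "credibility" point raised in the reply above corresponds to the data-ranking rule in RFC 2181 section 5.4.1, sketched here as an added example that is not part of the original post and is not BIND's code. The ranking is simplified, TTLs are ignored, and the `Cache` class, names and addresses are constructed for illustration.

```python
from enum import IntEnum

class Trust(IntEnum):
    """Simplified RFC 2181 s5.4.1 ranking; higher value = more credible."""
    ADDITIONAL = 1        # additional-section data from any response
    NONAUTH_ANSWER = 2    # answer section of a non-authoritative reply
    GLUE = 3              # glue from a zone file or zone transfer
    AUTH_AUTHORITY = 4    # authority section of an authoritative reply
    AUTH_ANSWER = 5       # answer section of an authoritative reply
    ZONE = 6              # non-glue data from a zone file or transfer

class Cache:
    """Toy RRset store (hypothetical, TTLs ignored)."""
    def __init__(self):
        self._rrsets = {}                      # (name, type) -> (trust, rdata)

    def load_zone(self, name, rtype, rdata):
        self._rrsets[(name.lower(), rtype)] = (Trust.ZONE, tuple(rdata))

    def offer(self, name, rtype, rdata, trust):
        """Store data learned from a response; return False if refused."""
        key = (name.lower(), rtype)
        held = self._rrsets.get(key)
        if held is not None and trust < held[0]:
            return False                       # never downgrade credibility
        self._rrsets[key] = (trust, tuple(rdata))
        return True

    def lookup(self, name, rtype):
        held = self._rrsets.get((name.lower(), rtype))
        return held[1] if held else None

def demo():
    # Constructed sample data: documentation names and addresses only.
    authoritative, caching_only = Cache(), Cache()
    authoritative.load_zone("www.corp.example", "A", ["192.0.2.10"])
    caching_only.offer("www.corp.example", "A", ["192.0.2.10"], Trust.NONAUTH_ANSWER)
    results = {}
    for label, cache in (("authoritative", authoritative), ("caching_only", caching_only)):
        # The same conflicting RRset, ranked as an authoritative answer, is offered to both.
        accepted = cache.offer("www.corp.example", "A", ["203.0.113.66"], Trust.AUTH_ANSWER)
        results[label] = (accepted, cache.lookup("www.corp.example", "A"))
    return results

if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```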


