Forwarding environment questions

Måns Nilsson mansaxel at kthnoc.net
Thu Nov 29 08:13:22 UTC 2007


--On Monday, 26 Nov 2007 09.50.46 -0600 "Baird, Josh"
<jbaird at follett.com> wrote:
> Mark,
> 
> In order to serve existing clients, our internal authoritative servers
> need to be able to answer recursive queries as well. 

Which is another way of saying "Your clients are very accustomed to getting
replies to recursive queries from servers carrying certain IP addresses, and
that currently hold your authoritative zone." And once that is established,
the solution is clear -- set up new master and slave servers, and migrate
from the present IP addresses, keeping the present ones for recursive
service only.

> Are you saying
> that I should have all of my authoritative slave servers be caching
> servers as well and answer recursive queries directly?  I was under the
> impression that it was a better practice to have these authoritative
> servers forward to caching only servers for recursive queries?

Forwarding configurations are harder to debug and intended only for the most
Rube Goldbergish setups, where, often under the auspices of "security",
people tie themselves into impressive knots to accomplish the simplest
things. 

If you have, as many do, a setup where an internal version of the zone
needs to be distributed to internal machines, while letting external
services and consumers view another set of data, then, you should have a
set of servers for recursion inside. Further, you should have master and
slave servers, with views, which makes them able to distinguish inside from
outside, so that they can serve the right kind of zone to the right kind of
client, inside or outside.

-- 
Måns Nilsson                     Systems Specialist
+46 70 681 7204   cell                       KTHNOC
+46 8 790 6518  office                  MN1334-RIPE

MY income is ALL disposable!
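
Added example, not part of the original message and not the poster's own configuration: a named.conf sketch for the authoritative master described above, with recursion disabled and views choosing the internal or external copy of the zone. The zone name example.com, the 10.0.0.0/8 range, the key names, the file paths and the use of per-view TSIG keys so that a slave can transfer both views are all assumptions made for illustration.

```conf
// Constructed example: authoritative-only master with split views.
// Recursive service stays on the separate resolver addresses.

acl internal-nets { 10.0.0.0/8; };        // assumed internal address range

// One TSIG key per view, so a slave can request either copy of the zone.
// The secrets are placeholders; generate real ones with tsig-keygen.
key "xfer-internal" {
    algorithm hmac-sha256;
    secret "UExBQ0VIT0xERVItSU5URVJOQUw=";  // placeholder value
};
key "xfer-external" {
    algorithm hmac-sha256;
    secret "UExBQ0VIT0xERVItRVhURVJOQUw=";  // placeholder value
};

options {
    directory "/var/named";
    recursion no;                  // this server only answers for its zones
    allow-query-cache { none; };   // no cached answers for anyone
    allow-transfer { none; };      // transfers are opened per view below
};

view "internal" {
    // A request signed with the external key must not land here, even
    // when it comes from an internal address (a slave fetching the
    // external copy), so that key is excluded first.
    match-clients { !key xfer-external; key xfer-internal; internal-nets; };
    allow-transfer { key xfer-internal; };
    zone "example.com" {
        type master;
        file "internal/example.com.db";   // internal version of the zone
    };
};

view "external" {
    match-clients { any; };        // everything the internal view rejected
    allow-transfer { key xfer-external; };
    zone "example.com" {
        type master;
        file "external/example.com.db";   // data visible to outside clients
    };
};
```

Views are evaluated in order, so the internal view must come first; named-checkconf will confirm the file parses before it is loaded.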



More information about the bind-users mailing list