selecttest tool
Andrey G. Sergeev (AKA Andris)
andris at aernet.ru
Wed Aug 13 22:15:39 UTC 2008
Hello Kevin,
Wed, 13 Aug 2008 17:37:28 -0400 Kevin Darcy wrote:
>>> I don't know the answer to this question, but your operational
>>> environment seems to be extraordinary in some points:
>>>
>>> - it's acting both as an authoritative and as a caching server
>>>
>> To Walter Gould: I think it's time to expand your operational
>> environment. Try to distribute the DNS-related tasks over two - or
>> more, if required - machines. Let the first server acts as
>> auth-only server for the zones you are in control of and the second
>> as a cache engine *only*. This configuration seems to be more
>> flexible, reliable and also secure.
>>
> Let's be clear here: there's nothing *inherently* wrong with running
> authoritative nameservers and a recursive resolver on the same
> machine or even within the same nameserver instance, using views.
>
> The unusual thing here is that in Walter's case both of these functions
> are *high-volume* and combining them in a single instance may be
> straining BIND's architectural limits.
>
> I agree that separating the authoritative nameservice and recursive
> resolution services to separate instances or separate machines, would
> be the logical next step in addressing this problem.
You're quite right here. Nothing to add!
--
Yours sincerely,
Andrey G. Sergeev (AKA Andris) http://www.andris.name/
More information about the bind-users
mailing list