Feature request - disable internal recursion cache
Kevin Darcy
kcd at chrysler.com
Mon Nov 2 20:57:58 UTC 2009
Barry Margolin wrote:
> In article <mailman.834.1256928257.14796.bind-users at lists.isc.org>,
> Kevin Darcy <kcd at chrysler.com> wrote:
>
>
>> Chris Thompson wrote:
>>
>>> On Oct 30 2009, Michael Hare wrote:
>>>
>>>
>>>> For those of us that are still running auth and recursive on the same
>>>> IP, I believe the benefit would be to deploy a best practices
>>>> recursive only nameserver on a different machine/IP address without
>>>> getting, in my case, possibly hundreds of thousands of clients to
>>>> change their DNS resolver IP address.
>>>>
>>> Put the authoritative-only nameservers at the new IP addresses, keeping
>>> the recursive ones at the original IP addresses.
>>>
>>> Been there, done that!
>>>
>>>
>> Well, except then you need to update all of your delegations. That can
>> not only be an administrative hassle, but can also get very expensive,
>> especially if you have hundreds of them in ccTLDs, where you have to pay
>> your "in-country agent" a fee for every registry change. It's quite a
>> racket.
>>
>
> You don't have to change all the domain registrations. You just have to
> change the A records of the nameserver names. Hopefully you haven't
> done something silly like use different nameserver names for each domain.
>
Unfortunately, the reality of the situation is that many folks have taken
http://cr.yp.to/djbdns/notes.html#gluelessness to heart, despite its
obsolescence, and consider all delegations which *don't* point to names
in the specific domain which is being delegated to be "glueless" and in
some way inferior to "in-bailiwick" delegations.

So the practice of delegating to domain-unique nameserver names is
rather rampant, and it means many folks would have to update a *lot* of
records if they changed the address(es) of their authoritative
nameserver(s). It's not a trivial change at all.
- Kevin