DNS Propagation
Stephane Bortzmeyer
bortzmeyer at nic.fr
Fri Oct 15 03:21:58 UTC 2010
On Thu, Oct 14, 2010 at 04:04:20PM -0300,
João Alberto Kuchnier <joao.kuchnier at gmail.com> wrote
a message of 148 lines which said:
> Oct 14 16:00:42 ns1 named[4602]: error (connection refused) resolving
> 'guide.opendns.com/A/IN': 200.198.101.4#53
>
> 200.198.101.3 -> Master
> 200.198.101.4 -> Slave
Master and Slave have a meaning only for authoritative DNS service
(serving zones you manage). Here, you try to resolve the name
guide.opendns.com which is probably not yours, so this is the
recursive service, not the authoritative one. It is highly recommended
to separate the two services (to have them on different BIND
instances, for instance on different machines), to ease debugging.
The two must have quite different setups: for the authoritative
service, you will deny recursion, and allow the whole world to query
your name server. For the recursive service, it is the opposite: you
allow recursion but you limit the right to query to only your
machines.
More information about the bind-users
mailing list