Split horizon and authoritative servers
Mathew Ian Eis
Mathew.Eis at nau.edu
Tue Apr 5 00:37:31 UTC 2016
Hi BIND,
I have a question about authoritative servers in a split horizon environment (suppose two views “internal” and “external”).
Is is necessary to have separate internal authoritative (listed in internal zone NS records, but not in whois or external NS records) servers, if the internal recursive servers are also authoritative (in the same way) slaves to an internal hidden master for the relevant zones?
It seems like cache poisoning should not be a concern, since the only servers listed in the (internal) NS records would as slaves always have full copies of relevant zones, and would not actually be recursing for those records. I can’t think of any other reason to separate the internal authoritative slaves and the internal recursive resolvers… am I missing anything obvious?
Thanks in advance,
Mathew Eis
Northern Arizona University
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160405/5d304f9c/attachment.html>
More information about the bind-users
mailing list