[11182] in North American Network Operators' Group


Re: how to protect name servers against cache corruption

daemon@ATHENA.MIT.EDU (Michael Dillon)
Tue Jul 22 17:55:51 1997

In-Reply-To: <199707222024.NAA14009@wisdom.rc.vix.com>
Date: Tue, 22 Jul 1997 14:50:19 -0700
To: nanog@merit.edu
From: Michael Dillon <michael@priori.net>

> if you run these as authoritative-
>only (recursion disabled) then they will never fetch any data from anywhere.
>(the root name servers are configured this way, for example.)  the downside
>is that you can't list such nameservers in your "resolv.conf" files or PC
>equivalents (Control Panel\Networking\TCP IP Settings, or some such rot.)
>this means you need more name servers if you separate recursive from non-
>recursive.

Correct me if I'm wrong, but this implies that nameservers whose sole
purpose is to act as primary and secondary for customer domains can run
with recursion disabled. I.e. all those nameservers whose identity is
readily discernable from public databases such as the Internic, RIPE, etc.,
could run in this configuration as long as they are not also intended to do
lookups for local machines on your local network.


********************************************************
Michael Dillon                    voice: +1-415-482-2840
Senior Systems Architect            fax: +1-415-482-2844
PRIORI NETWORKS, INC.              http://www.priori.net

"The People You Know.  The People You Trust."
********************************************************
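
Added example, not part of the original message: one way to audit that a server listed as primary or secondary really runs with recursion disabled is to send it a query with RD set for a name outside its zones and read the RA and AA bits of the reply header (RFC 1035, section 4.1.1). The function names, verdict strings and sample replies are constructed for illustration.

```python
import socket
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qid):
    """Build an A-record query with RD=1 (recursion desired)."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def classify(response, qid):
    """Classify a reply to a query for a name outside the server's own zones."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & QR:
        raise ValueError("not a response to this query")
    if flags & RA:
        return "recursive"                  # server offers recursion to this client
    if ancount and not flags & AA:
        return "non-authoritative-answer"   # RA clear, yet an answer came back (e.g. from cache)
    return "authoritative-only"             # referral, REFUSED, or empty answer

def probe(server, name, qid=0x4E47, timeout=3.0):
    """Live check over UDP; pass a name the server is NOT authoritative for."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server, 53))
        return classify(s.recvfrom(4096)[0], qid)

# Constructed sample replies (not captured traffic) to a query for example.com.
_Q = build_query("example.com", 0x4E47)[12:]    # echoed question section
_A = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
REFUSED_REPLY = struct.pack("!HHHHHH", 0x4E47, QR | RD | 5, 1, 0, 0, 0) + _Q
RECURSIVE_REPLY = struct.pack("!HHHHHH", 0x4E47, QR | RD | RA, 1, 1, 0, 0) + _Q + _A

if __name__ == "__main__":
    print(classify(REFUSED_REPLY, 0x4E47))
    print(classify(RECURSIVE_REPLY, 0x4E47))
```

Run `probe()` from a host outside your own network against each server you publish in registry records, since a server may allow recursion only for local clients.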


