[11191] in North American Network Operators' Group
Re: how to protect name servers against cache corruption
daemon@ATHENA.MIT.EDU (Deepak Jain)
Tue Jul 22 18:52:24 1997
Date: Tue, 22 Jul 1997 18:39:34 -0400 (EDT)
From: Deepak Jain <deepak@jain.com>
To: Michael Dillon <michael@priori.net>
cc: nanog@merit.edu
In-Reply-To: <v0310280baffadadceb12@[10.11.12.33]>
> Correct me if I'm wrong, but this implies that nameservers whose sole
> purpose is to act as primary and secondary for customer domains can run
> with recursion disabled. I.e. all those nameservers whose identity is
> readily discernable from public databases such as the Internic, RIPE, etc.,
> could run in this configuration as long as they are not also intended to do
> lookups for local machines on your local network.
That's the way we run ours (non-recursive) It keeps performance up too
while keeping tabs on memory usage. In fact, we secondary commonly
accessed domains directly from their authoritative nameservers and keep
regular tabs on them to ensure our pointers are correct.
-Deepak.
AINet
