[87896] in North American Network Operators' Group
Re: AW: Odd policy question.
daemon@ATHENA.MIT.EDU (Randy Bush)
Fri Jan 13 17:12:03 2006
From: Randy Bush <randy@psg.com>
Date: Fri, 13 Jan 2006 12:07:11 -1000
To: Joe Abley <jabley@isc.org>
Cc: "John van Oppen" <john@vanoppen.com>, <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu

>>> it is a best practice to separate authoritative and recursive
>>> servers.
>> why?
> Because it prevents stale, authoritative data on your nameservers
> being returned to intermediate-mode resolvers in the form of
> apparently authoritative answers, bypassing a valid delegation chain
> from the root.

and thereby hiding the fact that someone has either lame delegated
or i have forgotten to remove an auth zone, both cases i want to
catch. not a win here.

randy
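
The two conditions named in this thread (a lame delegation, and an authoritative zone that was never removed) can be found by comparing the zones a server loads with what the parent zones delegate to it. This is an added example, not part of the original message: the server name, zones and delegation data are constructed, and a real audit would obtain the delegations by querying the parent zones' nameservers.

```python
# Constructed sample data: every name below is illustrative, not from the thread.
SERVER = "ns1.example.net."
LOCAL_ZONES = ["example.com.", "moved-away.example.", "customer.example."]
PARENT_DELEGATIONS = {  # zone -> NS names the parent zone delegates to
    "example.com.": ["ns1.example.net.", "ns2.example.net."],
    "customer.example.": ["NS1.Example.Net."],
    "moved-away.example.": ["ns1.other-host.example."],
    "forgotten.example.": ["ns1.example.net."],
}

def norm(name):
    """Lower-case and drop the trailing dot so names compare equal."""
    return name.rstrip(".").lower()

def audit(server, local_zones, parent_delegations):
    """Compare the zones a server loads with what the parents delegate to it."""
    server = norm(server)
    local = {norm(z) for z in local_zones}
    delegated = {norm(z): {norm(ns) for ns in nss}
                 for z, nss in parent_delegations.items()}
    report = {"ok": [], "stale_auth_zone": [], "lame_delegation": []}
    for zone in sorted(local | set(delegated)):
        points_here = server in delegated.get(zone, set())
        if zone in local and points_here:
            report["ok"].append(zone)
        elif zone in local:
            # Still loaded here, but the parent delegates elsewhere (or nowhere).
            report["stale_auth_zone"].append(zone)
        elif points_here:
            # Parent sends resolvers here, but the zone is not loaded.
            report["lame_delegation"].append(zone)
    return report

def served_from_local_copy(qname, local_zones):
    """Zone a combined auth+recursive server would answer qname from, or None.

    Longest-suffix match: a locally loaded zone wins over following the
    delegation chain from the root, which is how a stale copy gets returned.
    """
    labels = norm(qname).split(".")
    local = {norm(z) for z in local_zones}
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in local:
            return candidate
    return None

if __name__ == "__main__":
    print(audit(SERVER, LOCAL_ZONES, PARENT_DELEGATIONS))
    print(served_from_local_copy("www.moved-away.example.", LOCAL_ZONES))
```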