nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DNS problems to RoadRunner - tcp vs udp

From: Michael Sinatra <michael () rancid berkeley edu>
Date: Sun, 15 Jun 2008 23:56:31 -0700
Mark Andrews wrote:


        Authoritative only servers need hints so that NOTIFY will
work in the general case.
Presumably that's because the authoritative server will want to look up the RDATA (hostname) of each NS record that serves a zone for which it is authoritative. Could you avoid this if you used something like 'notify explicit' and specified all slave servers by IP address in an also-notify clause? 


        Eventually, they will also need
        them so we can get rid of IP addresses in masters clauses
        on slave/stub zones.  This will help reduce the costs in
        renumbering.
Would an administrator still have the option of specifying masters by IP address if they desire, and therefore remove the need for the hints file? It seems that this would at least give the option of not only forcing recursion off, even if someone turns it on by accident (as Mike notes), but it also should help reduce the potential for reflection attacks from authoritative servers giving upward referrals for out-of-zone queries, no? 

michael
Previous By Date Next
Previous By Thread Next

Current thread: