Differences between version 8 and predecessor to the previous major change of DNSBestPractices.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 8 | Last edited on Friday, May 20, 2005 10:26:11 am | by DanielLawson | Revert |
| Older page: | version 7 | Last edited on Monday, February 21, 2005 9:25:32 pm | by StephenShirley | Revert |
@@ -69,11 +69,15 @@
dig +norecurse -t ns domain.tld @nameserver
If the flags line in the header of the output contains 'aa' (for authorative answer), then the nameserver is authorative for that domain.
!!!Caching nameservers
-For nameservers that are supposed to handle recuresive
lookups for stub resolvers, limit the IP ranges that can issue requests aggressively. People who can do recursive queries through your nameservers can end up with bad entries being cached.
+For nameservers that are supposed to handle recursive
lookups for stub resolvers, limit the IP ranges that can issue requests aggressively. People who can do recursive queries through your nameservers can end up with bad entries being cached.
+
+!!!Authoritative and Caching nameservers
+The general consensus is "don't". You shouldn't run a recursive nameserver and an authoritative nameserver in the same process, due to the possibility of cache poisoning. DJB has a relatively clear [explanation|http://cr.yp.to/djbdns/separation.html].
+
----
See also: NamedNotes
----
Part of CategoryDns, CategoryBestPractices
