Hi,

Best practice in DNS is to run separate recursive and authoritative DNS servers. It's referenced in some RFC somewhere I believe. Scripting something to check the whois every night for the domains you host and removing ones that are no longer pointing at your DNS servers is also a good idea (saves doing it by hand).

Cheers,

On 24/04/2009, at 2:35 PM, Dave Mill wrote:
On that note, I'm currently splitting recursive and authoritative DNS plus using unbound as a primary recursive DNS server.
My thoughts on this so far are...
- Splitting recursive from authoritative DNS is a complete pain in the @#$# but has many, many benefits.
- Unbound seems rather nice. Simple to set up, simple configuration, and supports so many things out of the box. Seems to have a rather nice forked operation mode which I'm currently testing.
So, take the plunge and do the split. And if you're unhappy with bind (I was) try unbound as an alternative.
Dave
On Fri, Apr 24, 2009 at 2:20 PM, lenz wrote:

+1 (probably with a small hint to a decent DNS server that knows about the difference between authoritative and recursive ...)

lenz
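The nightly whois check suggested in the first message of this thread could look like the following. This is an added example, not code from any of the posters; the name-server names, domains and whois records are constructed, and the three label styles the parser accepts are assumptions to extend for the registries you deal with.

```python
import re

# Assumption: the authoritative servers we operate (hypothetical names).
OUR_NAMESERVERS = {"ns1.example.net", "ns2.example.net"}

# Name-server labels differ between registries; these three styles are
# assumptions covering the constructed samples below. Extend as needed.
NS_LINE = re.compile(
    r"^[ \t]*(?:name server|nserver|ns_name_\d+)[ \t]*:[ \t]*(\S+)",
    re.IGNORECASE | re.MULTILINE,
)

def delegated_nameservers(whois_text):
    """Return the name servers listed in a whois record, lower-cased."""
    return {m.group(1).rstrip(".").lower() for m in NS_LINE.finditer(whois_text)}

def classify(whois_text, ours=OUR_NAMESERVERS):
    """'ours', 'moved', or 'unknown' when no name-server line was parsed."""
    listed = delegated_nameservers(whois_text)
    if not listed:
        # Rate limiting, an expired name or an unknown format: never treat
        # this as proof that the domain has moved away.
        return "unknown"
    return "ours" if listed & ours else "moved"

def stale_zones(records, ours=OUR_NAMESERVERS):
    """Domains whose whois record lists only other operators' servers."""
    return sorted(d for d, text in records.items() if classify(text, ours) == "moved")

# Constructed whois output; a nightly job would capture the real text from
# the whois client for each hosted zone instead.
SAMPLE_RECORDS = {
    "stillhere.example": "Domain Name: STILLHERE.EXAMPLE\nName Server: NS1.EXAMPLE.NET.\nName Server: NS2.EXAMPLE.NET.\n",
    "gone.example": "domain: gone.example\nnserver: ns1.other-host.example 192.0.2.53\nnserver: ns2.other-host.example\n",
    "half.example": "ns_name_01: ns1.example.net\nns_name_02: ns9.other-host.example\n",
    "ratelimited.example": "% Query rate exceeded, try again later\n",
}

if __name__ == "__main__":
    for domain, text in SAMPLE_RECORDS.items():
        print(domain, classify(text))
    print("candidates for removal:", stale_zones(SAMPLE_RECORDS))
```

Only zones classified as moved are listed for removal; partly delegated zones and records that could not be parsed are kept.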