13 Jan
2006
13 Jan
'06
5:07 p.m.
it is a best practice to separate authoritative and recursive servers. why? Because it prevents stale, authoritative data on your nameservers being returned to intermediate-mode resolvers in the form of apparently authoritative answers, bypassing a valid delegation chain from the root.
and thereby hiding the fact that someone has either lame delegated or i have forgotten to remove an auth zone, both cases i want to catch. not a win here. randy