On 2/14/2010 7:48 PM, Scott Howard wrote:
On Sun, Feb 14, 2010 at 5:19 PM, Larry Sheldon <LarrySheldon@cox.net> wrote:
It is possible to run both Authoritative and Recursive server on the same IP, but it's generally not recommended for many reasons (the most simple being that of stale data if your server is no longer the correct nameserver for a domain, but it's still configured to be authoritative for that domain).
Seems like TTL management would take care of that but I think the issues of recursion are now different from the safe world I thought I lived in 20 years ago.
TTLs play no part in how any Authoritative server answers a request.
I understand that--but if the TTL is being managed correctly the server answering authoritatively ought to stop doing so when the TTL runs out, since it will not have had its authority renewed.
Consider what happens if your DNS server was authoritative for example.com, and the .com nameservers pointed to you for that domain. Your customer who owns the domain then changes the delegation to another provider (and/or the domain expires, etc) but doesn't tell you.
At this point, your server is still answering all requests for example.com - because that's what authoritative servers do. It won't check to make sure that the domain is still delegated to it, and doing so would make no sense in a generic sense (eg, it might be an internal only domain, or testing a new domain that hasn't yet been delegated to you, etc).
The glue and all of that stuff won't expire at TTL=0? I'll have to study that a bit. Seems like the zone file should have been replaced to reflect the authority change.
--
"Government big enough to supply everything you need is big enough to take everything you have."
Remember: The Ark was built by amateurs, the Titanic by professionals.
Requiescas in pace o email
Ex turpi causa non oritur actio
Eppure si rinfresca
ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
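
An added example, not part of the original thread: since an authoritative server never checks its own delegation, an operator can audit configured zones against what the parent zone actually delegates. The nameserver hostnames and the dig-style referral text below are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample data (not from the thread): authority-section lines as a
# parent-zone server would return them in a referral, in dig's text format.
SAMPLE_REFERRALS = {
    "example.com": """\
example.com.      172800  IN  NS  ns1.ourdns.example.
example.com.      172800  IN  NS  ns2.ourdns.example.
""",
    "moved.example": """\
moved.example.    172800  IN  NS  ns1.otherprovider.example.
moved.example.    172800  IN  NS  NS2.OtherProvider.example.
""",
    "corp.internal": "",  # parent returned no NS records for this zone
}

OUR_NAMESERVERS = {"ns1.ourdns.example", "ns2.ourdns.example"}  # hypothetical

NS_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)\s*$", re.IGNORECASE)

def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

def delegated_ns(zone, referral_text):
    """Return the NS targets the parent lists for `zone`."""
    targets = set()
    for line in referral_text.splitlines():
        m = NS_LINE.match(line.strip())
        if m and norm(m.group(1)) == norm(zone):
            targets.add(norm(m.group(2)))
    return targets

def audit_zone(zone, referral_text, ours=OUR_NAMESERVERS):
    """Classify a locally configured zone against the parent's delegation."""
    ours = {norm(n) for n in ours}
    parent = delegated_ns(zone, referral_text)
    if not parent:
        return "undelegated"  # internal, expired or not yet delegated: review by hand
    if parent & ours:
        return "delegated"
    return "stale"            # parent points elsewhere, yet this server still answers

def audit(referrals):
    return {zone: audit_zone(zone, text) for zone, text in referrals.items()}

if __name__ == "__main__":
    for zone, status in sorted(audit(SAMPLE_REFERRALS).items()):
        print(f"{zone:15} {status}")
```

On a server that is both authoritative and recursive, the zones reported as "stale" are the ones its own recursive clients will keep resolving from the old zone data. "undelegated" is reported rather than treated as an error because, as the thread notes, such a zone may be internal-only or awaiting delegation.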