non-recursive dns

[Barry Margolin]

In article <7la0vf$u3u$1 at coco.singnet.com.sg>,
Ronnie Corny <ronniecorny at rocketmail.com> wrote:
>what's the advantage of having a non-recursive dns?  It seems to defeat the 
>purpose of having a dns server...  can anyone enlighten me?

We enable recursion on our caching servers, but disable it on our
authoritative servers.  The latter servers are just supposed to be the
source of data for the domains we host.

Another example is the root and TLD servers.  Their purpose is to send
referrals listing the servers for the lower-level domains.  They're busy
enough doing this, we don't want them wasting their time performing
recursive queries; leave this to the caching servers that are querying
them.

>Also, are there any configurations I can do to secure my DNS from being a weak 
>link in my server?  I have my dns server running fine now and am just curious 
>about increasing security on my network.

I'm not sure what you mean by this.  Having multiple secondary servers, at
least one of which is off-site, should solve reliability problems.  What
other type of "weak link" are you concerned about?

>Also, are there any rules about giving an ip address to your domain name?  I 
>mean, like for xyz.org, can I do this:

It's done all the time.  Think of all the web sites where you can go to
http://company.com as an abbreviation for http://www.company.com.  How do
you think they do it?

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.