Separation of authoritative and recursive functions
Brad Knowles
brad at stop.mail-abuse.org
Wed Jul 6 10:05:15 UTC 2005
At 9:08 PM -0400 2005-07-05, Kevin Darcy wrote:
> As for the relative merits of separating the functions by view,
> listen-address or physical server(s) (irrespective of the
> one-program-or-two issue), opinions differ widely on that, and each
> admin/architect needs to decide for himself/herself, based on their
> specific security/availability/performance requirements,
> fiscal/facility/address-space constraints, support infrastructure, etc.
One advantage to using separate machines, or at least separate
instances of BIND, is that if there is a leak inside the code, you
could potentially wind up with a situation where one view is somehow
poisoned by data from another view. Separate instances of BIND or
separate machines will guarantee that doesn't happen.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the bind-users
mailing list