SOA and reverse map on same server....Security issues?

Brad Knowles brad at
Wed Jun 22 21:14:10 UTC 2005

At 8:04 PM +0000 2005-06-22, Mike Sponsler wrote:

>  Are there any security issues (or overall advantages) to having an SOA
>  server for a bunch of domains and a seperate server doing the reservse
>  zone mapping?  I know that its generally a good idea to seperate as
>  man DNS functions as possible to make it more secure.  But will
>  placing the SOA and reverse mapping on different DNS servers really
>  matter?

	You need to separate authoritative from caching functions, but 
beyond that you're not going to get any further additional security 
benefits by separating forward from reverse DNS services.

	Go ahead and put them both on the same server.  You'll be fine.

Brad Knowles, <brad at>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <> for more info.

More information about the bind-users mailing list