selecttest tool

Kevin Darcy kcd at chrysler.com
Wed Aug 13 21:37:28 UTC 2008


Andrey G. Sergeev (AKA Andris) wrote:
> Hi there,
>
>
> Mon, 11 Aug 2008 20:10:09 -0700 JINMEI Tatuya / 神明達哉 wrote:
>
>   
>> I don't know the answer to this question, but your operational 
>> environment seems to be extraordinary in some points:
>>
>> - it's acting both as an authoritative and as a caching server
>>     
>
> To Walter Gould: I think it's time to expand your operational
> environment. Try to distribute the DNS-related tasks over two - or more,
> if required - machines. Let the first server acts as auth-only server
> for the zones you are in control of and the second as a cache engine
> *only*. This configuration seems to be more flexible, reliable and also
> secure.
>   
Let's be clear here: there's nothing *inherently* wrong with running
authoritative nameservers and a recursive resolver on the same machine
or even within the same nameserver instance, using views.

The unusual thing here is that in Walter's case both of these functions
are *high-volume* and combining them in a single instance may be
straining BIND's architectural limits.

I agree that separating the authoritative nameservice and recursive
resolution services to separate instances or separate machines, would be
the logical next step in addressing this problem.

- Kevin



More information about the bind-users mailing list