Feature request - disable internal recursion cache
Michael Hare
michael.hare at doit.wisc.edu
Sat Oct 31 14:16:27 UTC 2009
>> Well, except then you need to update all of your delegations. That can
>> not only be an administrative hassle, but can also get very expensive,
>> especially if you have hundreds of them in ccTLDs, where you have to pay
>> your "in-country agent" a fee for every registry change. It's quite a
>> racket.
>
> You don't have to change all the domain registrations. You just have to
> change the A records of the nameserver names. Hopefully you haven't
> done something silly like use different nameserver names for each domain.
Updating the adns A records is great but this doesn't automatically
change firewall rulesets. I can't control what kind of good or bad
assumptions folks that we are secondaries for made.
I think we can agree that it can be a lot of effort to break auth and
recursive into two IPs no matter what route you go.
I agree that using adns for rdns proxy is suboptimal but sometimes the
lower cost engineering solutions in practice are just as good as the
painful ones.
I mostly threw my hat in the ring so that it would be known that more
than one BIND user could benefit from a feature like this.
-Michael
More information about the bind-users
mailing list