Feature request - disable internal recursion cache

Michael Hare michael.hare at doit.wisc.edu
Sat Oct 31 14:16:27 UTC 2009


>> Well, except then you need to update all of your delegations. That can 
>> not only be an administrative hassle, but can also get very expensive, 
>> especially if you have hundreds of them in ccTLDs, where you have to pay 
>> your "in-country agent" a fee for every registry change. It's quite a 
>> racket.
> 
> You don't have to change all the domain registrations.  You just have to 
> change the A records of the nameserver names.  Hopefully you haven't 
> done something silly like use different nameserver names for each domain.

Updating the adns A records is great but this doesn't automatically 
change firewall rulesets.  I can't control what kind of good or bad 
assumptions folks that we are secondaries for made.

I think we can agree that it can be a lot of effort to break auth and 
recursive into two IPs no matter what route you go.

I agree that using adns for rdns proxy is suboptimal but sometimes the 
lower cost engineering solutions in practice are just as good as the 
painful ones.

I mostly threw my hat in the ring so that it would be known that more 
than one BIND user could benefit from a feature like this.

-Michael



More information about the bind-users mailing list