Fri Dec 16 17:20:08 UTC 2011

sasa sasa wrote:
> I'm trying to set up a DNS for an ISP, this ISP's DNS is in delegation
> tree (answering world), and I know about cache vulnerabilities so I was
> wondering what is the best solution for ISPs? By separating cache from
> authorities, you mean implementing 2 DNSs (2 different IPs)? This doesn't
> sound practical.
> Thanks, Sa

Why not?  Your customers don't need to know about the authoritatives
directly; the only addresses they'll require are the caching servers'.

I'd bet on small efficiencies to be gained only by mixing the two, but not
worth the potential troubles, IMHO.
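
An added example, not part of the original message: one way to check that the split described above is actually in place is to look at the AA and RA header flags each server address returns for a name in the ISP's own zone and for a name in a zone it does not host. The server names and reply bytes below are constructed for illustration, and the helper names are hypothetical.

```python
import struct

# DNS header flag bits (RFC 1035 section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(qname, qid=0x1234):
    """Build an A/IN query with RD set, i.e. asking the server to recurse."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_flags(response):
    """Return the AA, RA and RCODE fields of a DNS response header."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _, flags = struct.unpack("!HH", response[:4])
    if not flags & QR:
        raise ValueError("not a response")
    return {"aa": bool(flags & AA), "ra": bool(flags & RA), "rcode": flags & 0x000F}

def classify(own_zone_resp, foreign_resp):
    """Classify one server address from two replies: a name in the ISP's own
    zone and a name in a zone it does not host."""
    authoritative = parse_flags(own_zone_resp)["aa"]
    recursive = parse_flags(foreign_resp)["ra"]
    if authoritative and recursive:
        return "mixed"
    if authoritative:
        return "authoritative-only"
    if recursive:
        return "cache-only"
    return "neither"

def fake_response(flags, rcode=0, qid=0x1234):
    """Constructed 12-byte reply header (no records), for offline use."""
    return struct.pack("!HHHHHH", qid, QR | flags | rcode, 0, 0, 0, 0)

# Constructed replies standing in for three server addresses.
SAMPLES = {
    "ns1 (hypothetical authoritative)": (fake_response(AA | RD), fake_response(RD, rcode=5)),
    "cache1 (hypothetical resolver)": (fake_response(RD | RA), fake_response(RD | RA)),
    "old-ns (hypothetical combined)": (fake_response(AA | RD | RA), fake_response(RD | RA)),
}

if __name__ == "__main__":
    for name, (own, foreign) in SAMPLES.items():
        print(f"{name}: {classify(own, foreign)}")
```

Against live servers, the bytes from `build_query` go to each address over UDP port 53 and the replies are passed to `classify`. The RA flag may depend on the querying client's address when recursion is restricted by ACL, so run the check from both a customer network and an outside one.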

