Cache only and reverse mapping
bind at namor.ca
Fri Dec 16 17:20:08 UTC 2011
sasa sasa wrote:
> I'm trying to setup a DNS for an ISP, this ISP's DNS is in delegation
> tree (answering world), and I know about cache vulnerabilities so I was
> wondering what is the best solution for ISPs? By separating cache from
> authorities, you mean implementing 2 DNSs (2 different IPs)? This doesn't
> sound practical.
> Thanks, Sa
Why not? Your customers don't need to know about the authoritatives
directly; the only addresses they'll require are the caching servers'.
I'd bet on small efficiencies to be gained only by mixing the two, but not
worth the potential troubles, IMHO.
More information about the bind-users