Public facing authoritative NS all masters

Mike Hoskins (michoski) michoski at cisco.com
Sun Jul 13 18:02:18 UTC 2014


-----Original Message-----
From: Gary Wallis <wgg1970 at gmail.com>
Date: Sunday, July 13, 2014 at 12:11 PM
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Public facing authoritative NS all masters

>Hello,
>
>What are the drawbacks, if any, of running only master name servers for
>the set of authoritative NSs?
>
>For example given:
>
>[root at rc37 unxsVZ]# dig latimes.com NS +short
>dns1.tribune.com.
>dns2.tribune.com.
>dns4.tribune.com.
>dns3.tribune.com.
>
>Where all 4 dnsN servers are in fact masters (this is just a
>hypothetical, the NS above are most likely secondary servers)

I'm not aware of any drawbacks from a strict DNS perspective.  There could
be administrative overhead depending on how you set it up, but we have hidden
masters which allow central control of our "public masters" which in turn
serve a few zones + act as origins for services like Akamai.  It's worked
well for us over the past decade.


