[AusNOG] DNS design (was Re: Botnet??)
Paul Gear
ausnog at libertysys.com.au
Sun Jul 29 13:23:26 EST 2012
On 29/07/12 12:11, Dobbins, Roland wrote:
> ...
> Recursive & authoritative functionality should be separated, as well:
>
> <http://dl.dropbox.com/u/25235895/dnstiers.jpg>
Interesting diagram. I have a couple of questions:
* What is the significance of primary and secondary in that diagram?
I thought BIND 8+ had done away with all that, and there were just
masters and slaves. Is it a role only locally significant on that
site, like the anycast loopbacks?
* What is the purpose of the external resolvers? Wouldn't their
purpose be just as easily fulfilled by the zone slaves?
* What do the hidden masters and zone slaves use for external
resolution? The internal resolvers? One of the caching-only groups?
* What's the purpose of the aggregate caching-only forwarders? Is it
merely a scale issue that dictates their use instead of a direct
relationship between the caching-only forwarders and the internal
resolvers?
Sorry for the barrage of questions, but this is quite relevant to a
project i'm working on, and i'm keen to understand other people's designs.
Thanks in advance,
Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20120729/b2e45a4e/attachment.html>
More information about the AusNOG
mailing list