This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[dns-wg] NCC reverse delegation criteria
Ralf Weber
dns at fl1ger.de
Wed Jun 12 07:07:27 CEST 2019
Moin!

On 11 Jun 2019, at 20:40, Jonas Frey wrote:
> I do see 3 major benefits to combine/unify these:
> - "saving" IP addresses (depending on how many you run of course[1])

Should not be a problem with IPv6, and running the same function like http on the same IP is quite different from running different functions (recursive vs authoritative DNS) on the same IP.

> - less effort managing (not having multiple places for configuration
> thus unifying [automated] setup)

That is wrong. You have more effort managing as you need to update the server software more often. I cannot count the number of times some CVE in bind was caused by the fact that it is both a recursive and authoritative server. From a security perspective these have different attack scenarios and you now need to take care of both, and some mitigations are only applicable to one function.

> - saving resources (servers, virtual machines, whatever they run on)

Those are machine resources and cheap. Your manpower resources running mixed servers are higher as you have to be a lot more careful how you treat a mixed function DNS server.

Even pure bind shops these days run their servers with only one function. And all modern DNS software is either authoritative or recursive and there is a good reason for that. Unless you believe people dealing with this for decades are wrong.

So long
-Ralf
--
Ralf Weber