This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[members-discuss] New (silent) reverse dns checks
- Previous message (by thread): [members-discuss] New (silent) reverse dns checks
- Next message (by thread): [members-discuss] New (silent) reverse dns checks
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jonas Frey
ripe at probe-networks.de
Fri Jun 7 22:03:23 CEST 2019
Mans, can you explain why? ISC (as for bind) itself only states that separting them has one purpose: protecting from downtimes should one fail [1] DJ Bernstein stated it also has protective reasons due to ressource exhaustion [2] (but that info is from 2003). With current hardware in 2019 i hardly see this possible. Even more unlikely if combined with RRL (on bind), which is neccessary for anything open nowadays. With uRPF on the network side this handles quite well. Given all this, what are the real reasons in 2019 to not combine recursor and auth.? - Jonas [1] https://kb.isc.org/docs/bind-best-practices-authoritative [2] https://cr.yp.to/djbdns/separation.html > And, open resolvers have no place on authoritative servers. Full > stop. > > -- > Måns Nilsson SVT > +46 8 7848628
- Previous message (by thread): [members-discuss] New (silent) reverse dns checks
- Next message (by thread): [members-discuss] New (silent) reverse dns checks
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]