On 21.03.21 at 22:36, Vladimír Čunát wrote:
> Hello.
>
> On 3/21/21 10:04 PM, Alex JOST wrote:
>> What are the downsides of having a recursive DNS server in front of an
>> authoritative DNS Server? I'm wondering if all the points listed in
>> the linked article are relevant for small scale installations.
>
> "in front"? That sounds like some misunderstanding, either on your side
> or mine - perhaps I didn't get what you want to achieve?

I'll try to rephrase: The idea is to have Knot Resolver listening on
port 53 as an open resolver and forwarding queries for specific domains
to Knot DNS (as authoritative DNS).

> Authoritatives and recursives provide a different kind of service and to
> different "clients"; on a quick look I see that in the article though.
> Historically I think both functions were commonly done by a single
> service - BIND/named can still do it - but nowadays it's recommended to
> run them separately. (Well, injecting a few "authoritative"
> modifications of DNS inside a recursive server seems OK, but that's a
> bit different.)

AFAICT BIND and PowerDNS can do this and some (or many?) people are
combining authoritative+recursive resolvers. So far I've not found many
compelling reasons not to do this besides "it's not recommended".
--
Alex JOST