Hi,

On Tue, Jun 11, 2019 at 07:52:18PM +0200, Jonas Frey wrote:
> If cache poisoning is being taken care of (be it via DNSSEC or else) what other reasons are there to not combine both?

Well, the reason we separated these functions (like some 20 years ago) was "provisioning of customer domains that are not delegated to us at the corresponding TLD servers".

So, asking our recursives would give *different* answers than "the formally correct one" if they also hold authoritative zones which have not yet been delegated to us (or have been moved away from us, and updated at their new ISP, while our zones have not yet been deleted and still serve the old values).

The time window might be small, but serving wrong answers was not acceptable for us.

OTOH, while not the original reason, we're quite happy with the decision to split the function, because now we can mix and match DNS software according to their strengths - recursive runs unbound and pdns_recursor, authoritative runs bind and knot. And possibly nsd one day. Without having to consider "will this nice authoritative DNS software package do recursive as well?"...

Can you explain why it would be desirable to *have* these unified?

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279
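
Added example, not part of the original mail and not SpaceNet's tooling: a small offline model of the failure mode described above, showing when a combined recursive/authoritative server would answer from a local zone that the parent does not delegate to it. All zone names, name-server names and the parent NS table are constructed, and the function names are hypothetical.

```python
# Constructed sample data: zones loaded on the server, the operator's own
# name servers, and the NS sets published at the parent (TLD) for each zone.
LOCAL_ZONES = ["customer-a.example", "customer-b.example", "customer-c.example"]
OUR_NS = ["ns1.isp.example.", "ns2.isp.example."]
PARENT_NS = {
    "customer-a.example": ["NS1.isp.example.", "ns2.isp.example."],  # ours
    "customer-b.example": ["ns1.newhost.example.", "ns2.newhost.example."],  # moved away
    # customer-c.example: provisioned locally, not delegated at the parent yet
}

def norm(name):
    """Normalise a DNS name for comparison: lower-case, no trailing dot."""
    return name.rstrip(".").lower()

def covering_zone(qname, local_zones):
    """Return the longest locally loaded zone that is a suffix of qname."""
    zones = {norm(z) for z in local_zones}
    labels = norm(qname).split(".")
    for i in range(len(labels)):  # longest candidate first
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def delegation_status(zone, parent_ns, our_ns):
    """Compare the NS set published at the parent with our own servers."""
    table = {norm(k): {norm(n) for n in v} for k, v in parent_ns.items()}
    published = table.get(norm(zone), set())
    ours = {norm(n) for n in our_ns}
    if not published:
        return "not-delegated"
    if published <= ours:
        return "delegated-to-us"
    if published & ours:
        return "partially-delegated"
    return "delegated-elsewhere"

def combined_server_answer(qname, local_zones, parent_ns, our_ns):
    """Where a combined server would take its answer from for qname."""
    zone = covering_zone(qname, local_zones)
    if zone is None:
        return ("recursion", None, None)  # follows the real delegation
    return ("local-zone", zone, delegation_status(zone, parent_ns, our_ns))

def shadowing_zones(local_zones, parent_ns, our_ns):
    """Local zones that would override the formally correct answer."""
    return [norm(z) for z in local_zones
            if delegation_status(z, parent_ns, our_ns) != "delegated-to-us"]

if __name__ == "__main__":
    for q in ("www.customer-a.example", "www.customer-b.example", "mail.other.example"):
        print(q, combined_server_answer(q, LOCAL_ZONES, PARENT_NS, OUR_NS))
```

Any zone returned by `shadowing_zones` is one where clients of a combined server would see the local data instead of what the rest of the Internet resolves.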