From: Ian Smith
Date: Fri, 18 Jul 2008 15:46:49 +1000 (EST)
To: Mark Andrews
Cc: stable@freebsd.org, Eugene Grosbein
Subject: Re: named.conf: query-source address

On Fri, 18 Jul 2008, Mark Andrews wrote:
> To: Matthew Seaman
> > query-source is only ever used by recursive or stub resolvers --
> > instances of named that will go out and make queries on the net on your
> > behalf. Authoritative servers really don't need it.
>
> Actually authoritative servers make queries to work out
> where to send notify messages. While sending a notify to
> the wrong place is not that bad, it is good practice to
> see that authoritative servers are also fixed now rather
> than later. Servers have a habit of changing roles and
> when that happens not everyone will look in options to see
> if query source is correct.
>
> Also at some point I'd like to be able to get rid of masters
> clauses or at least go from IP addresses to hostnames. The
> slave / stub zones would then have to go out and discover
> the ip address on the fly.

Re the latter point, I can see the advantage of being able to move a
primary server to a new IP address without needing slave/s to update
their config.

On the other hand I can see possible chicken/egg issues in some
instances, for example testing axfrs before a new domain comes online,
or a domain disappearing even temporarily ([re-]registration problems,
politics or other upstream failures) where specifying masters by IP
address keeps things rolling.

At least consider keeping config-time hostname resolution of masters
optional?

And I guess the same principles apply to allow-transfer, forwarders and
other address lists?

cheers, Ian