Splitting of authoritative from recursive nameservers

2007-03-08 - News - Chris Thompson

There is a new version of the sample configuration for "unofficial" slave nameservers on the CUDN at


This is a major revision, which includes new reverse zones, advice on access control settings, and several other changes. However the most important, and one which anyone managing such a slave nameserver should act on as soon as possible, is that the zones which were previously being fetched from

 masters {;; };

should now be fetched from

 masters {;; };

instead. The background to this is described below.

We are in the process of separating the authoritative nameservers for the Cambridge University DNS zones from those providing a recursive DNS lookup service for clients on the CUDN. To minimise the pain, it is the latter which have to retain the existing IP addresses. When the transformation is complete we will have

authdns0.csx.cam.ac.uk []
authdns1.csx.cam.ac.uk []

providing non-recursive authoritative access to our zones (and zone transfer for appropriate zones to clients on the CUDN) while

recdns0.csx.cam.ac.uk []
recdns1.csx.cam.ac.uk []

will provide a recursive lookup service to CUDN clients (but not zone transfers), and no service at all outside the CUDN.