DNS listeners, DNS Express & BIND
I'm a little confused over what is/ isn't deemed best practice. Is there's anything wrong with the following points? Listener configured; queries are both wip's and non-wip records. Bind is enabled to be able to create non-wip records - is this correct? Recursion has been enabled in the named config and restricted to an acl of rfc1918 addresses. DNS express is configured to import the local zone from bind for performance purposes. Unhandled Query Actions set to drop in the profile. My understanding being requests would not be passed to bind with this set thus making it more secure? With this enabled the wip times out 3 times before resolving on the 4th try. Coincidentally I have 4 VS in the gslb pool. I did try disabling bind completely and found my wip's again timed out several times before eventually resolving? Any pointers/ help, much appreciated.