Anand Buddhdev

Hi Alexander,

Actually, you don't need either. If you start BIND with the "-f" option,
it remains in the foreground, and this is the best way to run daemons
under upstart (and also OSX's launchd). See below.

Replace this with "exec /usr/sbin/named -f -u bind"

Remove this "expect fork".

Regards,

Anand Buddhdev
RIPE NCC

Hi Saif,

You can use something like this in your configuration:

allow-transfer { key key_id1; key key_id2; key key_id3; ... };

where key_id1, key_id2, etc are the keys configured on each slave.

Regards,

Anand

Daniel,

For many companies the bottom line is revenue. If a large ISP's
customers can't resolve some popular domains, and start calling to
complain, it would flood their helpdesks, and they would lose revenue.
They cannot afford to be idealists.

Comcast has taken a pragmatic view. I'm glad to see they've turned on
validation, but I can see why they need to configure exceptions. Without
being able to manage exceptions, large ISPs are not going to turn on
validation.

Regards,

Anand