again: one or two. simple. impact.
Great question Randy. For a bind resolver adding
zone "." { type mirror; };
to your local configuration will have a useful impact. simple. immediate.
This is getting into the weeds with BIND config, but won't an administrator also have to comment out any "type hint" root zone configuration at the same time? I would not have expected to be able to have both zone "." { type mirror; file "root.zone"; }; and zone "." { type hint; file "root.cache"; }; configured simultaneously, and the latter i beleive to be rather customary. So what does BIND fall back on if validation of the mirror root zone should fail or some other problem causes the mirror zone to be dis-regarded? Built-in root hints, perhaps? I'm just trying to map out all of the potential failure scenarios, and convince myself that this is "just as safe as before"... Regards, - HÃ¥vard