From: bsd@bathnetworks.com
To: "bsd"
Cc: Liste FreeBSD
Subject: Re: Multiple DNS
Date: Wed, 22 Feb 2006 15:08:05 -0000 (GMT)

>
> On 19 Feb 06 at 08:46, Robert Slade wrote:
>
>> Hi,
>>
>> I am looking for some advice. I have a network which is based on a
>> number of servers running FreeBSD 6.0 serving Win XP workstations.
>> (yes I know but..) The network is large enough to use DHCP and DNS
>> for the internal network, I have set up a DHCP server with a Dynamic
>> DNS (Bind 9) on one of the servers. That server is handling the LDAP
>> side of the domain.
>>
>
> Is your DNS server busy resolving internal requests or external ones?

Mostly external from what I can ascertain, it looks like the mail server
(Qmail) doing lookups.

>
>> There appears to be a fair bit of DNS traffic which leads to a
>> secondary DNS being required to take some of the load as DNS lookups
>> are slow. The question I have is should I just set up a caching DNS
>> on another server using the primary as a forwarder or even several
>> servers e.g. the mail server and the secondary LDAP server, or should
>> I set up a proper secondary DNS using my ISP as a forwarder with
>> dynamic updates from the primary.
>>
>
> You should not forward anything to your ISP. This is probably the
> main reason for your DNS being slow.
>
> You should make sure you have well defined your network in your conf
> (so that you don't resolve queries for outside users...).
> I would not advise you to forward any queries to your ISP as this
> will disable the capacity for your own server to build its own
> resolver database and forward all the queries to the ISP (resulting
> in slow answers)!

I've now taken out the forwarders.

>
>
> Normally you should configure the master and the slave to be
> authoritative for your internal domains.
> And configure the master and the slave to resolve ALL the Internet
> domains for your internal network and none for outside domains.
>

That is how I have set up the master, it only answers queries from the
internal network.

>
> DNS is very tightly related to network... And we don't have any clue
> for the topology of your Net.
>
>
> SHORT ANSWER : DON'T FORWARD --> BUILD YOUR OWN DATABASE!!
>
>
>> Sorry if this is a bit vague, but I have no experience in this area.
>>
>> Rob
>>
>

Thanks for the info, it has helped me. I had misunderstood the forwarders
bit.

Many thanks

Rob
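
The setup discussed in this thread (no forwarders, recursion and queries limited to the internal network, master authoritative for the internal zone with a slave taking transfers) written out as a BIND 9 named.conf. This is an added example, not configuration posted by either participant; the network range, server addresses, zone name, file paths and key name are assumed placeholders.

```conf
// named.conf on the master. Added example: every name, path and address
// below is an assumed placeholder, not taken from the thread.

acl "internal" {                  // clients this server will answer
    127.0.0.1;
    192.168.0.0/24;               // assumed internal range
};

acl "slaves" {
    192.168.0.2;                  // assumed address of the slave
};

// TSIG key shared with the DHCP server for dynamic updates.
key "dhcp-update" {
    algorithm hmac-sha256;        // older BIND 9 releases only offer hmac-md5
    secret "REPLACE_WITH_BASE64_SECRET";
};

options {
    directory "/etc/namedb";
    recursion yes;
    allow-query     { internal; };
    allow-recursion { internal; }; // no resolving for outside clients
    allow-transfer  { slaves; };   // zone transfers only to the slave
    // No "forwarders" or "forward" statement: named resolves from the
    // root servers itself and builds its own cache.
};

zone "." {
    type hint;
    file "named.root";
};

zone "example.internal" {
    type master;
    file "dynamic/example.internal.db";   // must be writable by named
    allow-update { key "dhcp-update"; };  // signed updates only, not by IP
    notify yes;
};

// On the slave, keep the same "internal" acl and recursion limits and
// replace the zone with:
//   zone "example.internal" {
//       type slave;
//       masters { 192.168.0.1; };         // assumed address of the master
//       file "slave/example.internal.db";
//   };
```

Once a real secret is in place, running `named-checkconf` on the file catches syntax errors before named is restarted.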