Message-ID: <3B0DC960.414F0120@DougBarton.net>
Date: Thu, 24 May 2001 19:54:24 -0700
From: Doug Barton
Organization: Triborough Bridge & Tunnel Authority
To: Mark Drayton
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Resolving DNS setup
References: <20010522185407.A30604@tethys.valhalla.net>

Mark Drayton wrote:
>
> Hi
>
> Recently I set up a caching only nameserver at work which all our office
> machines, servers and dialup customers use for resolution instead of our
> two authoritative nameservers. A few days ago our internet connection
> went down, meaning that the caching nameserver couldn't get to the root
> nameservers and therefore couldn't resolve anything it didn't have
> cached. As it couldn't get to the root servers it also couldn't answer
> any queries for zones that we are authoritative for (even though the
> authoritative nameservers are on the same network).
>
> The end result of this was that customers who dialled into us couldn't
> see our site or pick up their mail as the caching nameserver wouldn't
> resolve the hostnames of the web/mail servers.
>
> Obviously this is a Bad Thing and I'd like to sort it out, especially
> as I'm going to add another caching nameserver in the near future. What
> would be the best way of fixing this? My thoughts so far are:
>
> a) make the caching nameserver a slave for all the domains held on our
> authoritative nameservers

This is the best solution for your problem.

> Another problem with the caching nameserver is it's very slow to pick up
> *new* RRs on our authoritative servers (I know I need to wait for the
> TTL to expire on changed records). Will the caching nameserver wait for
> the TTL of the zone to expire before it asks the authoritative servers,
> *even when it has no cached answer to the query*?

I think you're confusing a couple of concepts here. But, if I
understand what you're saying correctly, the problem will be solved by
making your resolving nameservers slaves for your zones.

BTW, you should really have sent this to -questions.

HTH,

Doug
--
I need someone really bad. Are you really bad?
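
The setup recommended in the reply, sketched as an added example that is not part of the original message. It assumes the servers run BIND's named; the zone names, file paths and 192.0.2.x addresses are placeholders (192.0.2.1 and 192.0.2.2 stand for the two authoritative servers, 192.0.2.10 for the caching resolver).

```conf
// ---- caching resolver: named.conf (all names and addresses are placeholders) ----
options {
    directory "/etc/namedb";          // assumed working directory
    recursion yes;
    // Answer recursive queries only for your own networks.
    allow-recursion { 127.0.0.1; 192.0.2.0/24; };
};

// Root hints are still needed for every zone the resolver is not a slave for.
zone "." {
    type hint;
    file "named.root";
};

// One stanza per zone held on the authoritative servers. The zone is
// transferred and stored locally, so queries for it are answered
// without a lookup that starts at the root servers.
zone "example.com" {
    type slave;
    file "s/example.com";             // directory must be writable by named
    masters { 192.0.2.1; 192.0.2.2; };
};

zone "2.0.192.in-addr.arpa" {
    type slave;
    file "s/2.0.192.in-addr.arpa";
    masters { 192.0.2.1; 192.0.2.2; };
};

// ---- authoritative master: changes to its named.conf ----
zone "example.com" {
    type master;
    file "example.com";
    // Permit zone transfers only to the known slaves.
    allow-transfer { 192.0.2.2; 192.0.2.10; };
    // The resolver is not listed in the zone's NS records, so it is not
    // sent a NOTIFY by default; naming it here makes it refresh as soon
    // as the zone changes instead of waiting for the SOA refresh timer.
    also-notify { 192.0.2.10; };
};
```

A slave transfers the zone only when the SOA serial on the master has increased, so the serial has to be raised with every change to the zone file.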