From owner-freebsd-questions Wed Feb 12 2:22:33 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D24CC37B401 for ; Wed, 12 Feb 2003 02:22:31 -0800 (PST) Received: from catflap.home.slightlystrange.org (pc1-cmbg1-4-cust43.cmbg.cable.ntl.com [62.253.133.43]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4FEB443F93 for ; Wed, 12 Feb 2003 02:22:30 -0800 (PST) (envelope-from dan@slightlystrange.org) Received: from danielby by catflap.home.slightlystrange.org with local (Exim 3.36 #1) id 18iu23-000FfT-00 for freebsd-questions@FreeBSD.ORG; Wed, 12 Feb 2003 10:22:23 +0000 Date: Wed, 12 Feb 2003 10:22:23 +0000 From: Daniel Bye To: freebsd-questions@FreeBSD.ORG Subject: Re: Resolving or blocking eg. doubleclick.net? Message-ID: <20030212102223.GA60013@catflap.home.slightlystrange.org> Reply-To: dan@slightlystrange.org Mail-Followup-To: freebsd-questions@FreeBSD.ORG References: <200302121029.14713.freebsd.nospam@mekanix.dk> <200302121109.33305.kde.nospam@mekanix.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <200302121109.33305.kde.nospam@mekanix.dk> User-Agent: Mutt/1.4i X-Scanner: exiscan *18iu23-000FfT-00*pYvwOIs7/32* (SlightlyStrange.org, Using NOD32 http://www.nod32.com) Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, Feb 12, 2003 at 11:09:33AM +0100, Bjarne Wichmann Petersen wrote: > On Wednesday 12 February 2003 10:43, Frank Tegtmeyer wrote: > > > > 3) Since I'm only aiming for a dns-cache I'm right in assuming I should > > > keep my hands away from all the zone-stuff? > > Much better: follow the instructions in > > http://cr.yp.to/djbdns/install.html and > > http://cr.yp.to/djbdns/run-cache.html > > and then forget any dns- and dns related security problems. > > Tried it, but really got confused trying to install it. Ended up having a > service dir created all over my system. Never got it to work. > > But looks like I got bind working (my firewall blocked quiries), but it > doesn't look like a dnscache is solving my problem. *Still* takes forever for > my box to resolve eg. doubleclick.net. This is *REALLY* getting on my nerves > to sit and wait ½-5 minutes for a page to load because some unresolvable > server is blocking. > > Anyone know how to solve this issue? I have just tried to resolve doubleclick.net, and the first hit took around three seconds. Thereafter, with it cachedi locally, it came back in at most 0.02 seconds. I reckon your best bet is to persevere - does the cache demonstrate any advantage at all? I put my upstream (ISP's) caches in the forwarders section in named.conf. While not strictly necessary, as already pointed out, it can give you the advantage of tapping into a huge set of cached data on your ISP's servers. Suck it and see - I cannot believe that you are the only person connecting through your ISP who gets pelted with these bloody ads from doubleclick. Check for messages in /var/log/messages, or whatever file your named logs to. > And where *does* named/bind store it's cache-data? In RAM, where it's most useful. Using the (r)ndc utility, you can make it dump its cache to a predefined file if you ever fancy taking a stroll through it. -- Daniel Bye PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message