Date: Mon, 13 Jul 2009 13:03:24 -0400
From: Jon Radel <jon@radel.com>
To: John Almberg <jalmberg@identry.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Should DNS be on same server as webserver?
Message-ID: <4A5B68DC.2070505@radel.com>
In-Reply-To: <8195A2D9-F7AC-49F8-969E-A13EDFA3C05A@identry.com>
References: <8195A2D9-F7AC-49F8-969E-A13EDFA3C05A@identry.com>

John Almberg wrote:
>
> The other day, a FreeBSD 'expert' told me that it is important to have
> the DNS server for a domain on the same server as the domain's web
> server. Supposedly, this saves doing tons of DNS lookups over the
> network. Instead, they are done locally.
>
> This makes sense to me, but I wonder if the performance difference is
> really that significant?

In my experience, you're straying well into "it all depends" and "you'll have to benchmark your situation and see" territory.

I once walked into a situation where a web server was set up to do a reverse lookup on all log entries, and the DNS servers were on the far end of an overloaded 56 kbps line. That was miserable, stupid slow and quickly cured by setting up a resolving name server on the web server.

On the other hand, in situations where my name servers have been on the same high-quality gigE switch as the web servers, I've never noticed an issue, but then I don't run any really high-volume servers.

On the third hand (too many years in front of CRTs), Apache and BIND have both had their security issues over the years, and there's something to be said for running them on different servers to reduce both the "all eggs in one basket" factor and the ease of spreading an attack. (Yes, I'm assuming what you're actually running....)

If you want performance and security, you might consider running your authoritative DNS servers for your domain on a different server, while on your web server you run a light-weight caching DNS server reachable only on the loopback interface.

-- 
--Jon Radel
jon@radel.com
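
Added example, not part of the original message: one way to check that a caching resolver on the web server is reachable only on the loopback interface, by filtering listening-socket output in the column layout of FreeBSD's `sockstat -l`. The function names and sample lines are constructed for illustration; the script assumes whitespace-separated columns with the local address in the sixth field.

```shell
#!/bin/sh
# Print "command proto local-address" for each port-53 socket whose local
# address is not loopback (127.0.0.0/8 or ::1). Reads text on stdin in the
# `sockstat -l` column layout (assumed):
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
# On a live host: sockstat -4 -6 -l | exposed_dns_listeners
exposed_dns_listeners() {
    awk '
        NR == 1 && $1 == "USER" { next }      # skip the header row
        NF >= 6 {
            addr = $6
            n = split(addr, parts, ":")
            port = parts[n]                   # text after the last colon
            if (port != "53") next            # exact match, so 953 is ignored
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host ~ /^127\./ || host == "::1") next
            print $2, $5, addr
        }
    '
}

# Exit status 0 when no DNS listener is exposed, 1 otherwise, so the
# check can be used from cron or a monitoring probe.
dns_is_loopback_only() {
    [ -z "$(exposed_dns_listeners)" ]
}

# Constructed sample: caching resolver bound to loopback only.
SAMPLE_LOOPBACK_ONLY='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
bind     named      812   20 udp4   127.0.0.1:53          *:*
bind     named      812   21 tcp4   127.0.0.1:53          *:*
bind     named      812   22 udp6   ::1:53                *:*
bind     named      812   23 tcp4   127.0.0.1:953         *:*
www      httpd      900   3  tcp4   *:80                  *:*'

# Constructed sample: resolver also answering on the wildcard address and
# on a routable address (192.0.2.10 is from the documentation range).
SAMPLE_EXPOSED='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
bind     named      812   20 udp4   *:53                  *:*
bind     named      812   21 tcp4   192.0.2.10:53         *:*
bind     named      812   22 udp4   127.0.0.1:53          *:*
www      httpd      900   3  tcp4   *:80                  *:*'

# Show what the check reports for the exposed sample.
printf '%s\n' "$SAMPLE_EXPOSED" | exposed_dns_listeners
```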
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A5B68DC.2070505>
