Date:      Sun, 18 Apr 1999 00:26:15 -0700 (PDT)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        Andreas Klemm <andreas@klemm.gtn.com>
Cc:        Annelise Anderson <andrsn@andrsn.stanford.edu>, Soren Schmidt <sos@freebsd.dk>, freebsd-current@FreeBSD.ORG
Subject:   Re: login
Message-ID:  <199904180726.AAA77697@apollo.backplane.com>
References:  <199904171925.VAA22900@freebsd.dk> <Pine.BSF.3.96.990417123736.11621A-100000@andrsn.stanford.edu> <19990418015658.A95962@titan.klemm.gtn.com>


:On Sat, Apr 17, 1999 at 12:38:25PM -0700, Annelise Anderson wrote:
:> 
:> I think it was, thanks.  I changed the order of the nameservers
:> in resolv.conf and it no longer happens. :)
:
:What about setting up a caching DNS server on your machine ?
:You could configure forwarders.
:
:options {
:	directory "/etc/namedb";
:	forwarders {
:		aaa.bbb.ccc.ddd;
:	};
:};
:
:in /etc/resolv.conf
:
:domain		your.domain
:nameserver	127.0.0.1
:
:Had to do many many (~600) DNS requests in a script and had
:a lame nameserver over network about 3-4 hops away.
:
:After configuring a local DNS server the script was much (!) faster.
:
:-- 
:Andreas Klemm                               http://www.FreeBSD.ORG/~andreas

    I'm going to pass on a lesson I learned at BEST.

    Setting a forwarders chain sucks, because named doesn't do the right thing
    with it -- even if you have multiple entries, if the first one is 
    unreachable it will create a significant delay for nearly all your 
    DNS requests which can seriously degrade scripts and servers.

    The safest way to set up a reliable DNS server is very similar to what
    you have above, but without forwarders.

    * You set up a local DNS server

    * You install a root cache.  i.e., no forwarders.  No remote cache... only
      local caching.  root.zone can be obtained from ftp.rs.internic.net as
      the file domain/root.zone.gz.

	  zone "." {
		  type hint;
		  file "root.zone";
	  };

    * You then secondary the domains that are most critical for your machine's
      proper booting and operation.  For example, at BEST each of our machines
      secondaries the best.com domain.

      You need to do this sort of thing to ensure that your machine is able
      to boot normally into a getty even when it is disconnected from the net,
      so you can at least login to it from the console.  This guarantees that
      the domains the system needs to boot are cached locally as of the time
      of the poweron/reboot.  If not, the machine will still eventually finish
      booting, but it could take a long long time to get past all the myriad
      DNS timeouts.

	    zone "best.com" {
		    type slave;
		    file "s/best.com";
		    masters {
			    209.24.149.41;
			    209.157.102.11;
			    209.24.149.42;
		    };
	    };

    By setting up your DNS this way, you generate a small amount of extra
    net traffic but you get an order of magnitude better reliability out
    of it.  By forcing DNS to do lookups through the NS record structure,
    you get around problems with ( for example ) domains which have lame
    nameservers.  The NS structure is a parallel/least-time poll.  A
    forwarders structure runs a sequential/timeout poll.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>
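As an added example (not code from this thread, from BIND, or from FreeBSD), a small Python check that audits a named.conf fragment against the layout Matt describes: it flags a forwarders block, requires a root hint zone, and expects more than one master on each slave zone. The tokenizer, the two config fragments and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration.

```python
import re
# Constructed named.conf fragments in the BIND 8 style quoted in the thread (not the author's files).
FORWARDING_CONF = 'options { directory "/etc/namedb"; forwarders { 192.0.2.53; }; };'
RECOMMENDED_CONF = """
options { directory "/etc/namedb"; };
zone "." { type hint; file "root.zone"; };
zone "example.com" { type slave; file "s/example.com";
    masters { 192.0.2.1; 192.0.2.2; 198.51.100.1; }; };
"""
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')  # no comment handling; the inputs have none
def parse(text):
    """Turn nested brace blocks into a list of (words, children-or-None) items."""
    tokens, pos = TOKEN.findall(text), 0
    def block():
        nonlocal pos
        items, words = [], []
        while pos < len(tokens):
            tok, pos = tokens[pos], pos + 1
            if tok == "}":
                break
            if tok == "{":                       # sub-block: recurse for its contents
                items.append((words, block()))
                words = []
            elif tok == ";":                     # end of statement (or of a closed block)
                if words:
                    items.append((words, None))
                words = []
            else:
                words.append(tok.strip('"'))
        return items
    return block()

def audit(conf):
    """Findings against the thread's layout: no forwarders, a root hint zone, >1 master per slave."""
    findings, have_hint = [], False
    for words, children in parse(conf):
        if words[0] == "options" and children:
            for w, c in children:
                if w[0] == "forwarders":         # sequential/timeout poll: a dead first hop delays everything
                    findings.append(f"forwarders configured ({len(c or [])} entries)")
        elif words[0] == "zone" and children:
            fields = {w[0]: (c if c is not None else w[1:]) for w, c in children}
            ztype = fields.get("type", [""])[0]
            have_hint |= words[1] == "." and ztype == "hint"
            masters = fields.get("masters", [])
            if ztype == "slave" and len(masters) < 2:
                findings.append(f"zone {words[1]}: only {len(masters)} master(s)")
    if not have_hint:
        findings.append('no root hint zone ".": named cannot walk the NS hierarchy itself')
    return findings
```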
