From owner-freebsd-current Sun Apr 18 2:57:55 1999
Delivered-To: freebsd-current@freebsd.org
Received: from picalon.gun.de (picalon.gun.de [192.109.159.1])
	by hub.freebsd.org (Postfix) with ESMTP id 1EEC61515D
	for ; Sun, 18 Apr 1999 02:57:51 -0700 (PDT)
	(envelope-from andreas@klemm.gtn.com)
Received: from klemm.gtn.com (pppak04.gtn.com [194.231.123.169])
	by picalon.gun.de (8.8.6/8.8.6) with ESMTP id LAA14901;
	Sun, 18 Apr 1999 11:55:18 +0200 (MET DST)
Received: (from andreas@localhost)
	by klemm.gtn.com (8.9.3/8.9.2) id LAA12276;
	Sun, 18 Apr 1999 11:54:02 +0200 (CEST)
	(envelope-from andreas)
Date: Sun, 18 Apr 1999 11:54:02 +0200
From: Andreas Klemm
To: Matthew Dillon
Cc: Andreas Klemm, Annelise Anderson, Soren Schmidt, freebsd-current@FreeBSD.ORG
Subject: Re: login
Message-ID: <19990418115402.A11762@titan.klemm.gtn.com>
References: <199904171925.VAA22900@freebsd.dk> <19990418015658.A95962@titan.klemm.gtn.com> <199904180726.AAA77697@apollo.backplane.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <199904180726.AAA77697@apollo.backplane.com>; from Matthew Dillon on Sun, Apr 18, 1999 at 12:26:15AM -0700
X-Operating-System: FreeBSD 3.1-STABLE SMP
X-Disclaimer: A free society is one where it is safe to be unpopular
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, Apr 18, 1999 at 12:26:15AM -0700, Matthew Dillon wrote:
>
> Setting a forwarders chain sucks, because named doesn't do the right thing
> with it -- even if you have multiple entries, if the first one is
> unreachable it will create a significant delay for nearly all your
> DNS requests which can seriously degrade scripts and servers.

Uh, didn't know that, thanks. Well, here I use only one forwarder
entry as the leaf site of an ISP. I forward all DNS traffic to
the DNS server that is located in the same segment as the NAS.
Don't want to act as a secondary for the whole gtn.com.
domain, because my machine often boots, so the extra traffic of
the zone transfers isn't welcome ;-)

> The safest way to set up a reliable DNS server is very similar to what
> you have above, but without forwarders.

O.k., understand that. But would do that only in my own network.
If you have for example a machine in a customer's network for
doing some analysis task, I wouldn't set up secondaries, to be
more silent in the network.

> * You install a root cache. i.e., no forwarders. No remote cache... only
> local caching. root.zone can be obtained from ftp.rs.internic.net as
> the file domain/root.zone.gz.

I run this from cron, this makes things easier in the long run:

0 18 * * 0 dig @a.root-servers.net . ns > /etc/namedb/named.root.new && mv /etc/namedb/named.root.new /etc/namedb/named.root

> * You then secondary the domains that are most critical for your machine's
> proper booting and operation. For example, at BEST each of our machines
> secondaries the best.com domain.

Good idea.

	Andreas ////

-- 
Andreas Klemm                            http://www.FreeBSD.ORG/~andreas
                               http://www.freebsd.org/~fsmp/SMP/SMP.html
powered by Symmetric MultiProcessor FreeBSD
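
Added example, not part of the original message: the cron line above relies on dig's exit status, which reports that a response arrived, not that the answer is a usable set of root hints. The sketch below validates the fetched file before renaming it over named.root; the function names, the MIN_NS threshold and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: validate a freshly fetched root hints file before it replaces
# named.root. Function names and the MIN_NS threshold are assumptions.

# hints_ok FILE: true only if FILE is a NOERROR dig answer that lists at least
# MIN_NS root NS records (default 13) and an A record for each of them.
hints_ok() {
    [ -s "$1" ] || return 1
    grep -q 'status: NOERROR' "$1" || return 1
    awk -v min="${MIN_NS:-13}" '
        $1 == "." && $3 == "IN" && $4 == "NS" { ns[tolower($5)] = 1 }
        $3 == "IN" && $4 == "A"               { glue[tolower($1)] = 1 }
        END {
            for (h in ns) { n++; if (!(h in glue)) exit 1 }
            exit (n >= min ? 0 : 1)
        }' "$1"
}

# refresh_hints TARGET [FETCH_COMMAND...]: run the fetch command (default: the
# dig query from the cron line above) and rename the result over TARGET only
# if it validates. The temp file lives beside TARGET so mv is an atomic rename.
refresh_hints() {
    rh_target=$1; shift
    [ $# -gt 0 ] || set -- dig @a.root-servers.net . ns
    rh_tmp=$(mktemp "$rh_target.XXXXXX") || return 1
    if "$@" > "$rh_tmp" && hints_ok "$rh_tmp"; then
        chmod 644 "$rh_tmp" && mv -f "$rh_tmp" "$rh_target"
    else
        rm -f "$rh_tmp"
        return 1
    fi
}

# sample_answer: constructed dig-style output for offline runs; the address is
# a documentation placeholder, not a real root server address.
sample_answer() {
    echo ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1'
    for l in a b c d e f g h i j k l m; do
        printf '.\t518400\tIN\tNS\t%s.root-servers.net.\n' "$l"
        printf '%s.root-servers.net.\t518400\tIN\tA\t192.0.2.1\n' "$l"
    done
}
```

From cron this would be called as refresh_hints /etc/namedb/named.root; running refresh_hints /tmp/named.root sample_answer exercises it without network access.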