From: "Steve Bertrand"
To: "Matthew Seaman"
Cc: Clint Olsen
Cc: questions@freebsd.org
Date: Tue, 6 Jul 2004 09:05:19 -0400 (EDT)
Subject: Re: Using DHCP /and/ name recognition w/o running BIND

> I don't think so.
> Lack of DNS performance is something that will
> cause the most harm to your experience of using the net. Running your
> own DNS recursive server is the best way to get good DNS performance.

I don't mean to take away from this post in any way because it was very
informative; however, I have found that preventing your own DNS server
from doing recursion and setting it up as forwarders only is in many
cases even a faster method of retrieving DNS entries.

I just find that allowing the ISP with the OC-3 circuits to do all of the
recursion and just sending the final result back to me speeds things up
just that much more.

Mind you, on a home network, the requests are much fewer and far between,
but the forwarders clause can reduce load on the system and on the home
Internet connection, and put the load on the equipment and
infrastructure that were really designed to handle it. (Plus, you will
also benefit from their cache as well, greatly reducing the recursion
that is required).

Just my $.02

sb

>
> For a home network, you can also run authoritative local domains from
> the same server without too much trouble. So long as your DNS server
> is on your private network and not accessible externally this should
> be OK. For public use though, mixing up authoritative and recursive
> DNS functions on the same server is bad juju, and should only be done
> by grown-ups.
>
>> There seems to be a current undocumented feature of most of these
>> routers that if you use the router as a DNS server entry that it
>> automagically forwards those requests to the DNS entries on the WAN
>> side. However, for tools like nslookup that make explicit connections
>> to the server, this does not work correctly.
>
> Yes -- that's simply DNS recursion.
> You ask the DNS server on your
> router "what is the IP number corresponding to www.freebsd.org": a
> recursive server will track the answer down for you, by asking in turn
> the root servers, the .org TLD servers and the freebsd.org servers on
> your behalf. Or it will tell you the cached answer it got from doing
> all that a few minutes previously. An authoritative server will just
> answer "dunno", unless it happens to be one of the freebsd.org
> servers.
>
> You should still be able to use the usual DNS tools to query other
> servers directly, e.g.:
>
>     % dig @ns0.freebsd.org. www.freebsd.org. IN A
>
> If your router is filtering out DNS traffic other than through its
> own server, then you'll have to adjust its programming. It could
> just be a matter of tweaking the packet filters for UDP traffic on
> port 53. If your router won't let you do that, get a better one.
>
> Cheers,
>
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
>                                                       Savill Way
> PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
> Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
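
The setup discussed in this message, a LAN-only caching server that forwards instead of recursing and also serves a local authoritative domain, written as a BIND 9 named.conf fragment. This is an added example, not part of the original thread. The LAN range, server address, forwarder addresses, zone name and file paths are all assumed placeholders.

```conf
// named.conf fragment for a home forwarding resolver (BIND 9).
// Every address, name and path below is a placeholder, not a value
// taken from the thread.

acl "lan" { 127.0.0.1; 192.168.1.0/24; };    // assumed private network

options {
    directory "/etc/namedb";                  // assumed working directory

    // Bind only to loopback and the private interface so the server is
    // not reachable from the WAN side.
    listen-on { 127.0.0.1; 192.168.1.2; };    // assumed server address
    listen-on-v6 { none; };

    // Answer only local clients, including for recursive lookups.
    allow-query     { "lan"; };
    allow-recursion { "lan"; };

    // Forwarding applies to recursive queries, so recursion stays on;
    // "forward only" stops named from walking the root, TLD and domain
    // servers itself. "forward first" would fall back to full recursion
    // when the forwarders do not answer.
    recursion yes;
    forwarders { 192.0.2.53; 192.0.2.54; };   // placeholder ISP resolvers
    forward only;
};

// Local authoritative domain, answered from the zone file and never
// sent to the forwarders.
zone "home.example" {                         // placeholder zone name
    type master;
    file "master/home.example.db";            // placeholder zone file
    allow-transfer { none; };
};
```

With this in place, a query such as `dig @192.168.1.2 www.freebsd.org. IN A` from a LAN host is answered through the forwarders, and the same query from an address outside the "lan" ACL is refused.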