Date: Sat, 5 Dec 1998 15:03:11 -0800 (PST)
From: Archie Cobbs <archie@whistle.com>
To: alk@pobox.com
Cc: net@FreeBSD.ORG
Subject: Re: resolver behaviour
Message-ID: <199812052303.PAA00885@bubba.whistle.com>
In-Reply-To: <36309.912891594@gjp.erols.com> from Gary Palmer at "Dec 5, 98 03:59:54 pm"

Gary Palmer writes:
> Tony Kimball wrote in message ID
> > IMO, current resolver behaviour is not appropriate.
> >
> > I would like the resolver to try all the nameservers at once, and
> > return any positive lookup response.
>
> Can you say `packet storm'? I knew you could ... All our servers here run
> local nameservers, and only have secondary nameserver entries listed for the
> rare occasions named core dumps. I don't want to go increasing the amount of
> UDP traffic on to my backup nameservers by a factor of 50 (if not more). Even
> switched fastether can only take so much.
>
> Seems your problem is not the resolver, but your nameserver setup. My guess i
> problems arise from doing lookups on `internal' addresses on `external'
> nameservers? The correct solution then is to run a nameserver on the firewall
> and force it to bind only to 127.0.0.1. You use that in your resolv.conf, and
> teach it enough about the topology to answer properly.

For split-DNS stuff and firewalls, where you want to direct queries
for different domains to different name servers, you might find
this patch useful..

ftp://ftp.whistle.com/pub/archie/misc/forwardzone.html

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message