Date: Mon, 13 Jul 2009 13:03:24 -0400 From: Jon Radel <jon@radel.com> To: John Almberg <jalmberg@identry.com> Cc: freebsd-questions@freebsd.org Subject: Re: Should DNS be on same server as webserver? Message-ID: <4A5B68DC.2070505@radel.com> In-Reply-To: <8195A2D9-F7AC-49F8-969E-A13EDFA3C05A@identry.com> References: <8195A2D9-F7AC-49F8-969E-A13EDFA3C05A@identry.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a cryptographically signed message in MIME format. --------------ms080305090308080902050303 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit John Almberg wrote: > > The other day, a FreeBSD 'expert' told me that it is important to have > the DNS server for a domain on the same server as the domain's web > server. Supposedly, this saves doing tons of DNS look ups over the > network. Instead, they are done locally. > > This makes sense to me, but I wonder if the performance difference is > really that significant? In my experience, you're straying well into "it all depends" and "you'll have to benchmark your situation and see" territory. I once walked into a situation where a web server was setup to do a reverse lookup on all log entries, and the DNS servers were on the far end of an overloaded 56 kbps line. That was miserable, stupid slow and quickly cured by setting up a resolving name server on the web server. On the other hand, in situations where my name servers have been on the same high-quality gigE switch as the web servers, I've never noticed an issue, but then I don't run any really high-volume servers. On the third hand (too many years in front of CRTs), Apache and Bind have both had their security issues over the years, and there's something to be said for running them on different servers to reduce both the "all eggs in one basket" factor and the ease of spreading an attack. (Yes, I'm assuming what you're actually running....) If you want performance and security, you might consider running your authoritative dns servers for your domain on a different server, while on your web server you run a light-weight caching dns server reachable only on the loopback interface. -- --Jon Radel jon@radel.com --------------ms080305090308080902050303 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJMTCC AvMwggJcoAMCAQICEB1eDeVYxhAO39zOEnHiAbwwDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UE BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA5MDIyNTA0MTMyNloX DTEwMDIyNTA0MTMyNlowXjEOMAwGA1UEBBMFUmFkZWwxEzARBgNVBCoTCkpvbiBUaG9tYXMx GTAXBgNVBAMTEEpvbiBUaG9tYXMgUmFkZWwxHDAaBgkqhkiG9w0BCQEWDWpvbkByYWRlbC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeT7qtj+euqWr2wXM7OnwrXJe9 Jlc0CGaM69AcTWOFakRY7MUXrqcmF5WjrqrMoagfGjS362eb6787x313ZdLoGuQPh/o2Mqp4 BbSgcnGZRj82SxkUmSN6+2q5ZOOYA6JmfvJwmBuRQ8sHki4GnoSwbIc11a70/z4at5qRi8bb /RtmJYewnpwXErfuuq0hhVSsYKFPXELzSahlpyC+lUfIdgvLJGxc7eU5QuvtYmuohNjn4k9C SJinvfjFbkvgbIgtvZxxmcE74NsKTeW2bEwgoCjZlcAD/QMgLE9KGSVn4/LzC/OZwkPKcWKO CPTNIZK1P+HxaIW4BvvYtjLu2Qx5AgMBAAGjKjAoMBgGA1UdEQQRMA+BDWpvbkByYWRlbC5j b20wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUFAAOBgQBT+qFXV8sexrNOJuK8rhVpnCNF iFslD9Kelhon5Tt1tlTsw+B9F9B8ys9tfV559tzVqE+ULcqnjX2rsaJCwFmn6gyucCN0yGML h1O4ddsNQmoTOILyBCv/rkfO4tbXJM3si2JDNPZnL/0Rf3FpDTc3U3SnAdqE1a/8PGBTTmay VDCCAvMwggJcoAMCAQICEB1eDeVYxhAO39zOEnHiAbwwDQYJKoZIhvcNAQEFBQAwYjELMAkG A1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNV BAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA5MDIyNTA0MTMy NloXDTEwMDIyNTA0MTMyNlowXjEOMAwGA1UEBBMFUmFkZWwxEzARBgNVBCoTCkpvbiBUaG9t YXMxGTAXBgNVBAMTEEpvbiBUaG9tYXMgUmFkZWwxHDAaBgkqhkiG9w0BCQEWDWpvbkByYWRl bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeT7qtj+euqWr2wXM7Onwr XJe9Jlc0CGaM69AcTWOFakRY7MUXrqcmF5WjrqrMoagfGjS362eb6787x313ZdLoGuQPh/o2 Mqp4BbSgcnGZRj82SxkUmSN6+2q5ZOOYA6JmfvJwmBuRQ8sHki4GnoSwbIc11a70/z4at5qR i8bb/RtmJYewnpwXErfuuq0hhVSsYKFPXELzSahlpyC+lUfIdgvLJGxc7eU5QuvtYmuohNjn 4k9CSJinvfjFbkvgbIgtvZxxmcE74NsKTeW2bEwgoCjZlcAD/QMgLE9KGSVn4/LzC/OZwkPK cWKOCPTNIZK1P+HxaIW4BvvYtjLu2Qx5AgMBAAGjKjAoMBgGA1UdEQQRMA+BDWpvbkByYWRl bC5jb20wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUFAAOBgQBT+qFXV8sexrNOJuK8rhVp nCNFiFslD9Kelhon5Tt1tlTsw+B9F9B8ys9tfV559tzVqE+ULcqnjX2rsaJCwFmn6gyucCN0 yGMLh1O4ddsNQmoTOILyBCv/rkfO4tbXJM3si2JDNPZnL/0Rf3FpDTc3U3SnAdqE1a/8PGBT TmayVDCCAz8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUw EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhh d3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNp b24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJ ARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3 MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAo UHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBD QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+065yplaHmjAdQRwnd/p/6Me 7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3FWy688Cwfn8R+RNiQq E88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB5kGXJgt/sCAwEA AaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9j cmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDwQEAwIB BjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZIhvcN AQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNw PP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYITq72 6jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8xggNkMIIDYAIBATB2MGIxCzAJBgNVBAYT AlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNU aGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQHV4N5VjGEA7f3M4SceIBvDAJ BgUrDgMCGgUAoIIBwzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP Fw0wOTA3MTMxNzAzMjRaMCMGCSqGSIb3DQEJBDEWBBQ09YfPVZCOcD0t5HpqOmM0bc6acjBS BgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0D AgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBhQYJKwYBBAGCNxAEMXgwdjBiMQswCQYD VQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UE AxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEB1eDeVYxhAO39zOEnHi AbwwgYcGCyqGSIb3DQEJEAILMXigdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3Rl IENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVt YWlsIElzc3VpbmcgQ0ECEB1eDeVYxhAO39zOEnHiAbwwDQYJKoZIhvcNAQEBBQAEggEAH0Qw KJxKQy8VzD8bprwrbppII23015V8hSqjSKbC05MIyzQT1oM/2bswj0pDrP+hEXC31Vg77fut pNAOtFjamJ35vA4aO9WCZuZPoiorIJfRDAzsNrsCxy14X4ZLzb1/WusRa7Wa8s1IHPchN5bA bp/+G3g/xnYb6QRnmkYOO6PKlm3EqEurCVkuLrt3bONpW+SV11ucoJgZ6ToA3vcBRYMdzjMR 2rWLUKFUIFYoazPgNe67DjXLKEtbDHItRNpiUoT3twt6WPPirG7uKFYvvNlYHMiSTPPSe3eU U7rP2rZqjLEpQ0MAsqmJOR+vyrxRd0ldQLBji+PCVElWCHMoXAAAAAAAAA== --------------ms080305090308080902050303--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A5B68DC.2070505>