Forwarders and performance

Glen Turner glen.turner at adelaide.edu.au
Mon Oct 25 05:30:40 UTC 1999


Steve Snyder wrote:

> 2. There is a long term (named has been running for a while) gain to
> *not* having these to options defined as this forces all name resolution
> to be done via the root nameservers.

This depends on your round-trip time to the root nameservers.

A trans-Pacific hop to a root nameserver will cost 160mS to
480mS, so we in Australia always win by forwarding to a
well-populated forwarder located on the near side of the
big hop.

As an aside, you should be careful whom you are resolving
queries for if you are running a caching name server.
Otherwise they can be used to launch a denial of service
attack nearby well-connected machines (such as your
organisation's web server).  See the advisory at

 ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004

-- 
 Glen Turner                               Network Specialist
 Tel: (08) 8303 3936          Information Technology Services
 Fax: (08) 8303 4400         The University of Adelaide  5005
 Email: glen.turner at adelaide.edu.au           South Australia


More information about the bind-users mailing list