DNS Etiquette

Kevin Darcy kcd at daimlerchrysler.com
Thu Sep 28 22:20:45 UTC 2000


Todd wrote:

> I have inherited a server running bind4 something configured as a primary
> server for my domain. (xyz.com). I used the named-bootconf.pl script to
> convert the config file to bind 8, copied the db files to the new
> server (Mandrake7.1), patched bind and am up and running.
>
> The use of the DNS server is so internally we can pop and ftp to our own
> site without using IP addresses (192.168.x.x), and as a caching server for
> lookups, and reverse lookups when the firewall log is crunched. Also, I
> really want to setup dynamic dns / dhcp.
>
> My etiquette questions:
>
> The db.cache file points to root name servers only. It seems unfriendly for
> my small company to be sending requests directly to root servers. Do the NS
> records in the db files offload some of the requests to the root servers if
> I set them to our ISP's name servers?

No, you can only put root servers in the hints file, and even if your servers
are authoritative for an "internal root" zone, you wouldn't mix them in with
the Internet root servers in the same hints file. Don't worry about "etiquette"
here: you'll only be sending queries to the root servers once when you start up
and thereafter only when you encounter a new TLD, e.g. a country-code domain.
That means only 4 queries for ".", "com", "net" and "org", 1 query apiece for
any other TLD. After each TLD query, you'll just use cached referral
information to contact the appropriate nameservers directly.

If, hypothetically, you had a *lot* of nameservers that you were restarting
frequently, then it might be considered good etiquette to set up forwarding
arrangements between them, in order to reduce the traffic to the root and
TLD servers. But it sounds like you're not in that situation.

> The other question is should I be set up as a primary server for xyz.com. It
> seems I must because for internal requests to be resolved (192.168.x.x) no
> Internet name server will help.

I don't understand. You already said you were primary for xyz.com. Do you mean
"should I be primary for 168.192.in-addr.arpa?"? Yes, if you are using that
private range, you should be authoritative for it. Otherwise, you may
"leak" reverse queries for addresses in that range to the Internet, which is
non-productive and a violation of etiquette.


- Kevin
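
The reverse-query leak described in the reply above, as an added example that is not part of the original message: it maps addresses (for instance from a firewall log) to their in-addr.arpa names and reports which RFC 1918 lookups no locally authoritative zone would answer. The zone list and the sample addresses are constructed assumptions.

```python
import ipaddress

# RFC 1918 private ranges; reverse lookups for these should never leave the site.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: zones this server is authoritative for, as named.conf would
# declare them (constructed sample, not taken from the original post).
LOCAL_ZONES = ["xyz.com", "168.192.in-addr.arpa"]

# Constructed sample of addresses a firewall log might contain.
SAMPLE_IPS = ["192.168.1.5", "10.0.0.7", "172.16.4.9", "172.32.0.1", "198.51.100.20"]


def covering_zone(name, zones):
    """Return the most specific local zone that contains name, or None."""
    labels = name.lower().rstrip(".").split(".")
    best = None
    for zone in zones:
        z = zone.lower().rstrip(".").split(".")
        # A zone covers the name when the name ends with all of the zone's labels.
        if labels[-len(z):] == z and (best is None or len(z) > len(best)):
            best = z
    return ".".join(best) if best else None


def leaking_lookups(ips, zones):
    """Return (ip, ptr_name) pairs for RFC 1918 addresses whose PTR name falls
    under no local zone, so the query would be resolved via the Internet."""
    leaks = []
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in RFC1918):
            continue  # public address: external resolution is expected
        ptr = addr.reverse_pointer  # e.g. 5.1.168.192.in-addr.arpa
        if covering_zone(ptr, zones) is None:
            leaks.append((ip, ptr))
    return leaks


if __name__ == "__main__":
    for ip, ptr in leaking_lookups(SAMPLE_IPS, LOCAL_ZONES):
        print(f"{ip}: PTR query for {ptr} would leak; no local zone covers it")
```

With only 168.192.in-addr.arpa configured, the 10.x and 172.16.x addresses in the sample are reported, which shows that each private range in use needs its own reverse zone.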




