Caching resolver and options rotate

Brent Jones brent at servuhome.net
Sat May 17 01:43:00 UTC 2008


On Fri, May 16, 2008 at 4:58 PM, Chris Buxton <cbuxton at menandmice.com>
wrote:
> Assuming your caching resolver is a BIND name server, it will ignore
> resolv.conf.
>
> BIND 9.3 and later will use the RTT algorithm when choosing between
> forwarders. It sounds like you're planning to use forwarders, as in:
>
> options {
>        [... other statements ...]
>        forwarders { 192.0.2.1; 192.0.2.2; 192.0.2.3; };
> };
>
> You may find it better, however, not to use forwarding at all - to use your
> DNS server as the final recursion server, instead of passing the buck
> upstream to your ISP. That way, you don't depend on the stability and
> security of their name servers for anything. (If you do decide to use
> forwarding, you should be absolutely sure that your ISP's name servers run a
> current version of BIND 9 rather than BIND 8, or a current version of MS DNS
> rather than MS DNS before about Win2K3 SP1, before you set up forwarding.
> Otherwise, bad things can come of forwarding, relating to DNS cache
> poisoning, and therefore pharming attacks.)
>
> Chris Buxton
> Professional Services
> Men & Mice
>

The reason to make this caching server was to alleviate load from our
upstream DNS, they told us we are alone stressing their current DNS servers,
and to be respectful we were going to have an internal caching DNS that
would use them upstream for queries we haven't cached. Would still use their 4
NS's, but alleviate a lot of the queries going upstream, and bring response
time lower for ourselves.

Wouldn't using root servers directly just add to the burden of the root
servers?



-- 
Brent Jones
brent at servuhome.net
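
The two setups discussed in this thread, side by side in one named.conf sketch. This is an added example, not configuration posted by either participant; the `internal-clients` ACL name and the 198.51.100.0/24 client network are assumptions, and the forwarder addresses are the placeholder ones from the quoted snippet.

```conf
// Constructed example for a caching-only resolver (no authoritative zones).
// All addresses are documentation-range placeholders.
acl internal-clients {
        127.0.0.1;
        198.51.100.0/24;        // assumed internal client network
};

options {
        recursion yes;

        // Serve only our own clients, so outside hosts cannot use the
        // cache or trigger lookups through it.
        allow-query     { internal-clients; };
        allow-recursion { internal-clients; };

        // Option A: answer from the local cache and send cache misses to
        // the upstream resolvers. BIND 9.3 and later chooses among the
        // listed forwarders by measured round-trip time.
        forwarders { 192.0.2.1; 192.0.2.2; 192.0.2.3; };

        // "first": try the forwarders, then fall back to full recursion
        //          if none of them answers.
        // "only":  never query anything except the forwarders.
        forward first;

        // Option B: delete the forwarders and forward statements above.
        // named then resolves from the root hints itself and caches the
        // results, with no dependency on the upstream resolvers.
};
```

Run `named-checkconf` against the file before reloading named to catch syntax errors.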



