How can I launch a private Internet DNS server?

Bob Harold rharolde at umich.edu
Thu Nov 5 13:36:56 UTC 2020


On Thu, Nov 5, 2020 at 7:00 AM Michael De Roover <isc at nixmagic.com> wrote:

> On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote:
> > A good secondary offloads your server noticeably, and
> > keeps the domain alive in case of temporary failures.
>
> AFAIK, authoritative slave servers are only used when the master is
> confirmed to be down. Lookups take significantly longer in such cases
> since for every request, the master will be asked first. This can take
> between 2-4s. There are no performance benefits to running multiple
> name servers as master-slave, though it's fairly easy and offers good
> redundancy (a slow lookup is still better than no lookup). A commercial
> service will have to support zone transfer from your master, and said
> master has to have that commercial service authorized to pull your
> zone(s). I haven't personally heard of such services, and would
> probably just run another BIND box somewhere else (different hosting
> provider or something like that).
> --
> Michael De Roover <isc at nixmagic.com>
>

You appear to have confused 'secondary' authoritative servers with a second
'resolver'.
Authoritative servers - listed in the NS records - are used by other DNS
servers, not by end users, and they will get used equally with the slaves,
if your parent zone has the right NS records also.  Those are good to
outsource the secondaries.
But a second resolver - the addresses listed in /etc/resolv.conf or the
"DNS servers" seen in Windows client settings, will only be used by the
client if the first server does not respond.  For that, you can use a
public resolver like Google 8.8.8.8 as the second choice for your users.

-- 
Bob Harold
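
Added example, not part of the original message: a check for the condition mentioned above, that the parent zone carries the same NS records as the zone itself. It compares the two NS sets from dig-style record lines; the zone name, server names and records are constructed sample data.

```python
# Added example: compare the NS set in the parent's delegation with the NS set
# served at the zone apex. All names and records below are constructed.

PARENT_REFERRAL = """\
; constructed: authority section of a referral from the parent zone
example.com.   172800  IN  NS  ns1.example.com.
example.com.   172800  IN  NS  ns2.example.com.
"""

ZONE_APEX = """\
; constructed: answer to 'example.com NS' from the zone's own server
example.com.   3600  IN  NS  NS1.example.com.
example.com.   3600  IN  NS  ns2.example.com.
example.com.   3600  IN  NS  ns3.secondary-provider.example.
"""


def fqdn(name):
    """Normalise a DNS name: lower case, exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


def ns_targets(text, zone):
    """Return the set of NS targets owned by `zone` in dig-style record lines."""
    targets = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, then tokenise
        # owner [ttl] [class] NS target: the type sits right before the target
        if len(fields) >= 3 and fields[-2].upper() == "NS" and fqdn(fields[0]) == fqdn(zone):
            targets.add(fqdn(fields[-1]))
    return targets


def compare_delegation(parent_text, zone_text, zone):
    """Report name servers present on one side of the delegation only."""
    parent = ns_targets(parent_text, zone)
    child = ns_targets(zone_text, zone)
    return {
        "consistent": parent == child,
        "missing_from_parent": sorted(child - parent),
        "missing_from_zone": sorted(parent - child),
    }


if __name__ == "__main__":
    report = compare_delegation(PARENT_REFERRAL, ZONE_APEX, "example.com")
    for key, value in report.items():
        print(f"{key}: {value}")
```

In the sample data the outsourced secondary is listed in the zone but not in the parent's delegation, so the report flags it under `missing_from_parent`.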