-bump-
On Tue, Mar 8, 2016 at 10:12 AM, K Post <nntp.p...@gmail.com> wrote:
> Another thought: Would it make any sense for ASSP to have 2 sets of DNS
> servers, with the second set (optional) being used for those services that
> would not work well with a dns server that forwards? Then we could use a
> fast DNS server (for us internal) that forwards for general lookups and an
> internal non-forwarding server which has to look to root hints and not
> forward for all of the other queries.
>
> I think I can fake this by modifying the DNS servers that we use, but my
> proposal would be a generic feature for all.
>
> Just a thought. Interested in your opinions.
>
>
> On Mon, Mar 7, 2016 at 4:59 PM, K Post <nntp.p...@gmail.com> wrote:
>
>> I know that running ASSP pointing to dns servers that use forwarding is
>> HIGHLY discouraged, and I understand why.
>>
>> For performance reasons, I'd like to start using forwarders on our 3
>> internal dns servers (the same servers that ASSP uses). Other than for
>> ASSP, forwarders would be quite beneficial, and I think for general
>> queries, like looking for ptr, a, and mx records, forwarders would be good
>> for ASSP too.
>>
>> Our Windows DNS servers allow for *conditional* forwarding where certain
>> queries can be directed to a specific group of servers. My idea is to turn
>> forwarding on for our servers (probably to google's public DNS servers
>> which seem VERY fast and reliable) but then turn on conditional forwarding
>> to those queries that ASSP uses where conditional forwarding would cause a
>> problem (Senderbase and Realtime Balcklist for example) to point to a new
>> 4th DNS server that doesn't use forwarding and instead looks to the root
>> DNS servers. That's essentially turning off forwarding for the specified
>> requests. If that 4th server goes down or doesn't respond, then forwarders
>> would be used until its restored.
>>
>>
>> So for example:
>> Anything querying a senderbase.org hostname would look to our new
>> internal dns server x.x.x.x that doesn't forward, as would whatever the RWL
>> lookups,
>>
>> I know I'd need to do this at a minimum for Senderbase,
>> RBLServiceProviders, URIBLServiceProvider
>>
>> How about the whois lookups?
>> "ARIN" => "whois.arin.net"
>> "RIPE" => "whois.ripe.net"
>> "APNIC" => "whois.apnic.net"
>> "KRNIC" => "whois.krnic.net"
>> "LACNIC" => "whois.lacnic.net"
>> "AFRINIC" => "whois.afrinic.net"
>>
>> Did I miss any services?
>>
>> *And most importantly, I'd love to get community feedback whether this is
>> a good idea or not.*
>>
>> Thanks
>> Ken
>>
>>
>>
>>
>>
>
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
