On Mon, 15 Aug 2016 04:21:45 -0700 Rick Moen <[email protected]> wrote:
> Quoting richard lucassen ([email protected]):
>
> > On my workstations I have no caching DNS.
>
> The term 'caching DNS' doesn't actually mean anything.[1] All DNS
> software _caches_; even the stub resolver in glibc caches. I spoke
> of something different and quite specific: a local recursive
> resolver.

Unbound is a (local) caching resolver. Or a (local) recursive resolver.
But tinydns, which I use for internal resolving, is an iterative
resolver. Tinydns does NOT cache at all. And as I use split horizon for
my internal network I have 1 caching resolver and one tinydns:

$ host ssl1.xaq.nl
ssl1.xaq.nl has address 192.168.64.24

$ host ssl1.xaq.nl 8.8.8.8
ssl1.xaq.nl has address 194.109.75.188
ssl1.xaq.nl has IPv6 address 2001:984:c40c:64::24

> And what I was saying is: You should run one on modern networked *ix
> machine generally. Because it's 2016.

I do not agree. If the local machine generates quite a bunch of queries
then you're right. So, if you have (in 2016) let's say forty servers
running in a network, they are all going to query the root servers? I
think it's better to have one resolver that does the job for such a
network. But you're right to install a caching DNS on a server that
makes a lot of queries. I'd use that caching DNS as a forwarder to the
central DNS and not one that is going to bother the root-servers.

> > There is one in the network that's the one that is in dhcpd.conf.
>
> Even DHCP-client hosts can have local recursive resolvers. This is
> useful:
>
> http://qref.sourceforge.net/Debian/reference/ch-gateway.en.html#s-dns-resolvconf
> or
> http://roy.marples.name/projects/openresolv/index

If you do a lot of repetitive queries

> > And even though you have a caching resolver, if your network
> > settings are wrong during boot, there is nothing to be gained with
> > a local resolver ;-)
>
> If you cannot reach _127.0.0.1_ because 'your network settings were
> wrong during boot', you have somehow managed to achieve such an epic
> degree of TCP/IP failure that I'm not sure you should be running *ix
> machines. ;->

Wrong ;-) If your local caching resolver is trying to query the root
servers and it is not able to find its way out, then you will have a
timeout problem.

> Fortunately, I don't think that's even possible.
>
> [1] Here is an article that may help you with terminology, one I wrote
> after one too many person insisted on using the meaningless term
> 'caching nameserver': http://linuxmafia.com/~rick/lan.html

Let me put it this way, it's all in how we call things: a caching or a
recursive resolver has, when it starts, an empty cache and NO database.
An iterative resolver has NO cache but just a database.

dnscache is a caching only resolver
tinydns is a simple iterative resolver

BTW: I don't use bind. I like the way Dan Bernstein separates the
recursive and the iterative resolver.

R.

-- 
richard lucassen
http://contact.xaq.nl/
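
Added example, not part of the message above: the two server roles argued over in this thread can be told apart on the wire by the AA (authoritative answer) and RA (recursion available) bits of the DNS response header, which is also how you check whether a host offers recursion at all. The sample packets are constructed, and their flag values are an assumption about how a cache such as dnscache or Unbound and an authoritative-only server such as tinydns typically reply.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # header flag bits, RFC 1035

def build_query(name, qtype=1, txid=0x1234, rd=True):
    """Encode a one-question DNS query; rd=True asks the server to recurse."""
    header = struct.pack("!HHHHHH", txid, RD if rd else 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)   # QCLASS 1 = IN

def classify(response):
    """Name the responder's role from the AA and RA bits of its reply."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & QR:
        raise ValueError("QR bit clear: this is a query, not a response")
    aa, ra = bool(flags & AA), bool(flags & RA)
    if ra and not aa:
        role = "recursive resolver"
    elif aa and not ra:
        role = "authoritative-only server"
    elif aa and ra:
        role = "combined server, authoritative for this name"
    else:
        role = "neither (referral or refusal)"
    return {"aa": aa, "ra": ra, "rcode": flags & 0x000F,
            "answers": ancount, "role": role}

def sample_response(flags, address):
    """Constructed reply to build_query('ssl1.xaq.nl') carrying one A record."""
    query = build_query("ssl1.xaq.nl")
    header = query[:2] + struct.pack("!HHHHH", flags, 1, 1, 0, 0)
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + bytes(address)
    return header + query[12:] + answer

# Constructed samples (assumed flag values, not captured traffic):
FROM_CACHE = sample_response(QR | RD | RA, [194, 109, 75, 188])
FROM_AUTHORITATIVE = sample_response(QR | AA | RD, [192, 168, 64, 24])

if __name__ == "__main__":
    for label, packet in [("cache", FROM_CACHE), ("authoritative", FROM_AUTHORITATIVE)]:
        print(label, classify(packet))
```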
