On Wed, Feb 12, 2003 at 11:09:33AM +0100, Bjarne Wichmann Petersen wrote: > On Wednesday 12 February 2003 10:43, Frank Tegtmeyer wrote: > > > > 3) Since I'm only aiming for a dns-cache I'm right in assuming I should > > > keep my hands away from all the zone-stuff? > > Much better: follow the instructions in > > http://cr.yp.to/djbdns/install.html and > > http://cr.yp.to/djbdns/run-cache.html > > and then forget any dns- and dns related security problems. > > Tried it, but really got confused trying to install it. Ended up having a > service dir created all over my system. Never got it to work. > > But looks like I got bind working (my firewall blocked quiries), but it > doesn't look like a dnscache is solving my problem. *Still* takes forever for > my box to resolve eg. doubleclick.net. This is *REALLY* getting on my nerves > to sit and wait ½-5 minutes for a page to load because some unresolvable > server is blocking. > > Anyone know how to solve this issue?
I have just tried to resolve doubleclick.net, and the first hit took around three seconds. Thereafter, with it cachedi locally, it came back in at most 0.02 seconds. I reckon your best bet is to persevere - does the cache demonstrate any advantage at all? I put my upstream (ISP's) caches in the forwarders section in named.conf. While not strictly necessary, as already pointed out, it can give you the advantage of tapping into a huge set of cached data on your ISP's servers. Suck it and see - I cannot believe that you are the only person connecting through your ISP who gets pelted with these bloody ads from doubleclick. Check for messages in /var/log/messages, or whatever file your named logs to. > And where *does* named/bind store it's cache-data? In RAM, where it's most useful. Using the (r)ndc utility, you can make it dump its cache to a predefined file if you ever fancy taking a stroll through it. -- Daniel Bye PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message