On 2/26/2009 1:51 PM, Martin Hepworth wrote:
2009/2/26 Elsa Andrés <e.and...@ist-sci.com>:

Matt Kettler-3 wrote:

Looks like your ISP's DNS server is very slow.


Well, I am using the same dns server in another machine and just works fine
here, also with SA (3.2.3) and dnsbl checks.

Anyway, I tested with another dns server (opendns ones) and got the same
result (time out).


Matt Kettler-3 wrote:
I would very seriously consider setting up a local caching DNS server,
and possibly allow it to locally resolve if the ISP server is being slow
(ie: "forward first" instead of "forward only"). Or, if you've got
decent bandwidth, and a lot of hosts, just set up your own resolver and
don't even bother forwarding to them.

This is not a server with high volume of queries, so I guess using "named"
would not make any difference, just in this case.


It will make a huge difference, I've seen it knock seconds off scan
times (20 isn't uncommon). If you examine the DNS protocol itself you
should be able to figure out why.

I'd also think about using opendns as the forwarder for your
organisation if your ISP's DNS servers are being so slow.

Not always a good plan when you notice that some blacklists *may* not give you any positive hits when using openDNS.

As Matt put it, a local caching server doing no forwarding is the ideal.






