Another thought: Would it make any sense for ASSP to have 2 sets of DNS
servers, with the second set (optional) being used for those services that
would not work well with a DNS server that forwards? Then we could use a
fast DNS server (for us internal) that forwards for general lookups and an
internal non-forwarding server which has to look to root hints and not
forward for all of the other queries.

I think I can fake this by modifying the DNS servers that we use, but my
proposal would be a generic feature for all.

Just a thought. Interested in your opinions.

On Mon, Mar 7, 2016 at 4:59 PM, K Post <[email protected]> wrote:
> I know that running ASSP pointing to DNS servers that use forwarding is
> HIGHLY discouraged, and I understand why.
>
> For performance reasons, I'd like to start using forwarders on our 3
> internal DNS servers (the same servers that ASSP uses). Other than for
> ASSP, forwarders would be quite beneficial, and I think for general
> queries, like looking for PTR, A, and MX records, forwarders would be good
> for ASSP too.
>
> Our Windows DNS servers allow for *conditional* forwarding where certain
> queries can be directed to a specific group of servers. My idea is to turn
> forwarding on for our servers (probably to Google's public DNS servers
> which seem VERY fast and reliable) but then turn on conditional forwarding
> to those queries that ASSP uses where conditional forwarding would cause a
> problem (Senderbase and Realtime Blacklist for example) to point to a new
> 4th DNS server that doesn't use forwarding and instead looks to the root
> DNS servers. That's essentially turning off forwarding for the specified
> requests. If that 4th server goes down or doesn't respond, then forwarders
> would be used until it's restored.
>
>
> So for example:
> Anything querying a senderbase.org hostname would look to our new
> internal DNS server x.x.x.x that doesn't forward, as would whatever the RWL
> lookups,
>
> I know I'd need to do this at a minimum for Senderbase,
> RBLServiceProviders, URIBLServiceProvider
>
> How about the whois lookups?
> "ARIN" => "whois.arin.net"
> "RIPE" => "whois.ripe.net"
> "APNIC" => "whois.apnic.net"
> "KRNIC" => "whois.krnic.net"
> "LACNIC" => "whois.lacnic.net"
> "AFRINIC" => "whois.afrinic.net"
>
> Did I miss any services?
>
> *And most importantly, I'd love to get community feedback whether this is
> a good idea or not.*
>
> Thanks
> Ken
>
>
>
>
>
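The routing rule both messages describe (a non-forwarding resolver for listed zones, forwarders for everything else, and forwarders again when the non-forwarding server is down), as an added Python sketch that is not part of the thread and not ASSP code. The server addresses and the two `.example` zones are constructed placeholders; only `senderbase.org` comes from the message.

```python
# Added illustration, not ASSP code: pick a resolver set per query name.
# All addresses and the two *.example zones are constructed placeholders.
FORWARDING = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]  # general lookups
NON_FORWARDING = ["192.0.2.4"]                        # recurses from root hints

# Zones whose queries must not go through forwarders. senderbase.org is
# named in the thread; the others stand in for RBL/URIBL provider zones.
DIRECT_ZONES = {"senderbase.org", "rbl.example", "uribl.example"}


def matching_zone(qname, zones=DIRECT_ZONES):
    """Return the listed zone that qname falls under, or None.

    Matching is done on whole labels, so "notsenderbase.org" does not
    match "senderbase.org", and a trailing dot or mixed case is ignored.
    """
    labels = qname.strip().rstrip(".").lower().split(".")
    for i in range(len(labels)):          # longest suffix first
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def pick_resolvers(qname, healthy):
    """Return (route, servers) for qname given the set of healthy servers."""
    if matching_zone(qname) is None:
        return "forwarding", FORWARDING
    direct = [s for s in NON_FORWARDING if s in healthy]
    if direct:
        return "direct", direct
    # Non-forwarding server is down: fall back to the forwarding set,
    # as the original message describes, until it is restored.
    return "fallback", FORWARDING


if __name__ == "__main__":
    up = {"192.0.2.4"}
    for name in ("mail.example.net", "host.senderbase.org.",
                 "notsenderbase.org", "2.0.0.127.RBL.example"):
        print(name, "->", pick_resolvers(name, up))
    print("server down ->", pick_resolvers("host.senderbase.org", set()))
```
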
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test