On Sun, Apr 18, 1999 at 12:26:15AM -0700, Matthew Dillon wrote:
>
> Setting a forwarders chain sucks, because named doesn't do the right thing
> with it -- even if you have multiple entries, if the first one is
> unreachable it will create a significant delay for nearly all your
> DNS requests which can seriously degrade scripts and servers.

Uh, didn't know that, thanks. Well, here I use only one forwarder
entry as the leaf site of an ISP. I forward all DNS traffic to
the DNS server that is located in the same segment as the NAS.

Don't want to act as a secondary for the whole gtn.com. domain,
because my machine often boots, so the extra traffic of the
zone transfers isn't welcome ;-)

> The safest way to set up a reliable DNS server is very similar to what
> you have above, but without forwarders.

O.k., understand that. But would do that only in my own network.
If you have for example a machine in a customer's network for doing
some analysis task, I wouldn't set up secondaries, to be more
silent in the network.

> * You install a root cache. i.e., no forwarders. No remote cache... only
>   local caching. root.zone can be obtained from ftp.rs.internic.net as
>   the file domain/root.zone.gz.

I run this from cron, this makes things easier in the long run:

    0 18 * * 0 dig @a.root-servers.net . ns > /etc/namedb/named.root.new && mv /etc/namedb/named.root.new /etc/namedb/named.root

> * You then secondary the domains that are most critical for your machine's
>   proper booting and operation. For example, at BEST each of our machines
>   secondaries the best.com domain.

Good idea.

	Andreas ////

-- 
Andreas Klemm
http://www.FreeBSD.ORG/~andreas
http://www.freebsd.org/~fsmp/SMP/SMP.html
powered by Symmetric MultiProcessor FreeBSD
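The cron job in the message above moves the new file into place whenever dig exits 0, and dig exits 0 for any reply it receives, including an error response or one with records missing. The following is an added example, not part of the original message, that checks the reply before it replaces /etc/namedb/named.root; the function names, the MIN_NS threshold and the acceptance checks are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate the dig reply before it replaces the root hints.
MIN_NS=${MIN_NS:-13}    # assumption: expect all 13 root server names

# hints_ok FILE: succeed only if FILE looks like a complete root NS reply.
hints_ok() {
    [ -s "$1" ] || return 1
    # dig exits 0 on any reply, so check the response code ourselves
    grep -q 'status: NOERROR' "$1" || return 1
    # require MIN_NS distinct NS names for "." and an A record for each
    awk -v min="$MIN_NS" '
        $1 == "." && $4 == "NS" { ns[tolower($5)] = 1 }
        $4 == "A"               { glue[tolower($1)] = 1 }
        END {
            for (n in ns) { total++; if (!(n in glue)) missing++ }
            exit (total + 0 >= min + 0 && missing + 0 == 0) ? 0 : 1
        }' "$1"
}

# refresh_hints DEST [SERVER]: fetch, validate, then rename into place.
refresh_hints() {
    dest=$1; server=${2:-a.root-servers.net}
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if dig "@$server" . ns > "$tmp" && hints_ok "$tmp"; then
        chmod 644 "$tmp" && mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "root hints refresh failed, keeping $dest" >&2
        return 1
    fi
}

# constructed_reply N: made-up dig-style reply with N servers, for testing
# (192.0.2.0/24 documentation addresses, not the real root servers).
constructed_reply() {
    echo ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1'
    i=1
    for l in a b c d e f g h i j k l m; do
        [ "$i" -le "$1" ] || break
        printf '.\t518400\tIN\tNS\t%s.root-servers.net.\n' "$l"
        printf '%s.root-servers.net.\t518400\tIN\tA\t192.0.2.%d\n' "$l" "$i"
        i=$((i + 1))
    done
}

# Run from cron as: <this script> refresh /etc/namedb/named.root
if [ "${1:-}" = refresh ]; then
    refresh_hints "${2:-/etc/namedb/named.root}"
fi
```

Because the temporary file is created next to the destination, the final mv is a rename on the same filesystem, so named never sees a half-written hints file.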