On Sat, Jun 12, 2004 at 07:16:16PM -0600, Rodolfo J. Paiz wrote:
> Kenneth, while your comment is technically correct, in my not-so-humble
> opinion it is a very poor recommendation to give others. Having every
> nickel-and-dime home network go straight to the root servers is going to
> create exponential growth of the load on those servers; the fact that large
> backbone providers serve ISPs who in turn serve their customers is one of
> the things that helps make the Internet scalable.
>
> For the huge majority of people, the *proper* way to configure a
> caching-nameserver is to set up one or two forwarders to be checked first
> before going to the root servers. The additional penalty in speed is in
> milliseconds (which those small networks won't even notice), and the
> potential for cache poisoning, while real, is also tiny. I very, very
> strongly disagree with your advice: it is technically correct and valid,
> but sadly lacking in netiquette and good network design.

I believe you are exaggerating the case. Anybody who uses DHCP (I
expect this to be the strong majority of all users, even once IPv6
becomes common) will use the settings defined by their ISP. The
people who are left are a minority.

The perceived benefit of directing this minority of people through an ISP's
name server is the assumption that DNS queries performed have a chance of
already being in the ISP's name server cache.

In my case, most of my DNS lookups are DNSBL failures. These are not
likely to be cached by the ISP's name server cache, nor perhaps,
should they be.

For the rest of us with broadband access, the time saved doing the lookups
directly *is* noticeable. In fact, in my case, I am actually located
network-closer to the root domain servers than my ISP's domain name
server is (this is something that they may fix in the future).

More recently, I've experienced the problem that my ISP's domain name
server was down (no route to host). I had thought I could handle this
case. My name server would fall back to the root domain servers for
resolution. It doesn't work. My DNS clients time out before my name
server times out doing a recursive lookup through the ISP's domain
name server (that it cannot contact).

Using the ISP's domain name server for networks such as mine is asking
for trouble.

In terms of a recommendation, I would recommend that any users who don't
know what they are doing should use DHCP, and allow the ISP to configure
/etc/resolv.conf for them. For the rest of us, using the ISP's name server
is not going to save anybody anything. Sure, common queries such as
yahoo.com or google.com are going to be cached. Big deal.

mark
--
mark@xxxxxxxxx/markm@xxxxxx/markm@xxxxxxxxxxxxxxxxxx
Neighbourhood Coder
Ottawa, Ontario, Canada
One ring to rule them all, one ring to find them, one ring to bring them all
and in the darkness bind them...
http://mark.mielke.cc/
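
The two setups debated in this thread, written out as an added example that is not part of either message or of any Fedora default file. The forwarder addresses are placeholders from the documentation ranges, and the timeout value is an assumption to tune, not a figure from the thread.

```conf
# /etc/named.conf for a BIND caching-only name server on a small network.
# Use ONE of the two variants; they are shown together for comparison.

options {
    directory "/var/named";

    # Answer only this host and refuse recursion for anyone else, so the
    # cache cannot be queried or abused from outside.
    listen-on { 127.0.0.1; };
    allow-recursion { 127.0.0.1; };

    # Variant A (quoted message): try the ISP's resolvers first.
    # Placeholder addresses; substitute the ISP's real name servers.
    # Answers are then only as trustworthy as the forwarders' caches,
    # which is the cache poisoning exposure the quoted message mentions.
    forwarders { 192.0.2.53; 198.51.100.53; };

    # "first" falls back to full recursion from the root hints when the
    # forwarders do not answer. "only" would never fall back at all.
    forward first;

    # Variant B (reply): delete the two statements above. With no
    # forwarders, named resolves every name itself from the root hints
    # and an unreachable ISP resolver is never on the lookup path.
};

# /etc/resolv.conf on the clients of that name server.
# The failure described in the reply is a timing race: the stub resolver
# gives up (glibc default: 5 seconds per try, 2 tries) before named has
# abandoned the dead forwarder and started recursing on its own.
# Under Variant A, a longer client timeout leaves room for the fallback.
nameserver 127.0.0.1
options timeout:10 attempts:2
```

After an outage, `dig @127.0.0.1 example.com` reports the query time named needed, which shows whether the fallback completes inside the client's timeout.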