[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: getting dhclient to update bind forwarders IPs

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: getting dhclient to update bind forwarders IPs
From: Alexander Bochmann <ab_(_at_)_lists_(_dot_)_gxis_(_dot_)_de>
Date: Tue, 12 Jul 2005 17:05:17 +0200

...on Tue, Jul 12, 2005 at 09:38:43AM -0400, Will H. Backman wrote:

 > > For the other part, if you're running your own nameserver,
 > > why would you want to use forwarders at all?
 > The use of forwarders is a good thing.  It reduces the load on the root
 > servers, and your DNS server gets to use closer servers that may already
 > have the answer.

I might have said something similar 
10 years ago, but hey, it's 2005 now...

The root servers are least affected, 
because they will be cached first.

The TLD servers will get a little more 
traffic, but hey - they're paid to handle 
that.

The single domains probably won't notice 
at all, as it doesn't fundamentally change 
their usage pattern.

It's not as if we're talking about a scarce 
resource here, so the overall effect is 
probably pretty negligible.

Also, if you're using a forwarder outside 
of your control, you have to trust it's 
cache contents, which increasingly tends not 
to be a good thing (apart from cache poisoning 
attacks, just as an example, there are attempts 
to force German ISPs to block access to certain 
domains by altering the data returned by their 
customer resolvers).

Today, the only valid reason to use a 
forwarder is if you're not allowed to do 
direct DNS queries.

Alex.

Prev by Date: Re: program(s) needed for an authentication server
Next by Date: Re: ISAKMPD VPN w/ Cisco Concentrator
Previous by thread: Re: getting dhclient to update bind forwarders IPs
Next by thread: round-robin question
Index(es):
- Date
- Thread

Visit your host, monkey.org