My kingdom for a working DNS
Rodolfo J. Paiz
rpaiz at simpaticus.com
Thu Feb 5 16:13:07 UTC 2004

At 07:29 2/5/2004, you wrote:
>I noticed all posts talked about caching DNS. I
>haven't got the faintest idea of what it really is. I
>figure it's a system which checks with an external DNS
>(maybe the one in my resolv.conf now) and makes a copy
>of the whole list on my computer. Then I should point
>resolv.conf to 127.0.0.1. Is this right?

Close. A local (meaning "in your own network") caching nameserver does not
authoritatively answer for any domains. All it does is help you find the
answer to your DNS questions (resolve those queries, in technical-speak).
The word "caching" comes in because, when it finds an answer, it caches
that answer for some time in order to provide quicker answers to the next
guy who asks, and also to reduce traffic on your outside Internet connection.

If you install a caching nameserver, then yes... it is best to point your
resolv.conf to 127.0.0.1 and tell all other computers on your network to
ask this one (not 127.0.0.1 but rather its network IP address, something
like 192.168.0.1 probably). However, if you only have two or three
machines, you may find yourself best served by not worrying about this at
all and simply using your ISP's DNS server as you are doing now. That's the
very reason they have one... so you don't have to. :-)

>1) Does this speed up my internet connection?

Not really. Your DNS server does the same amount of work that your ISP's
server does, and likely takes just as long.

>2) Is it reliable? Supposing the DNS table changes,
>does the copy on my HD change the first time I connect
>to the net, or is there a manual procedure to update
>it?

Every given record has an expiration time; it's not a whole table. So you
ask for www.yahoo.com, you get an answer, and that answer is kept in cache
for 3 hours (as an example). That particular piece of data will expire in 3
hours, and then the question will be asked again if needed. Within those
first three hours, if you ask for www.yahoo.com again you will get an
answer from the cache in about 1ms. Note that your ISP would return an
answer almost as fast, within the same time frame of three hours or so, and
with less work on your part.

>3) Brian Fahrlander said "Keep things simple to get
>the functionality, THEN improve it to make it easier
>on all those involved." Does that mean that caching
>DNS reduces the load on the net?

Yes, it reduces the traffic on the net somewhat (since now three people are
all sharing a DNS server). This, however, assumes that you configure your
DNS server to always ask your ISP's server /first/ before going out and
finding the answer on its own. That's called a "forwarder", and setting one
up allows you to take advantage of the fact that likely at least one of the
thousands of customers your ISP has, wanted www.yahoo.com within the last
three hours. If you don't check your forwarders first, then you will likely
generate /more/ traffic for the Internet as a whole, not less.

Setting up your own DNS server has its benefits, and is not all that hard.
What I'm trying to show is that, if all you're doing is surfing, and
e-mail, and generally speaking you are a client and not a server for
anything, doing your own DNS at home is likely more work than it's worth.
And one more program running is one more potential security hole someday.
So it's not a magic cure that everyone should take... it's a great and
useful tool that /might/ be wonderful for you, but maybe not.

--
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com
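
Added example, not part of the original message: a caching-only, forwarder-first setup as described above, written as a named.conf fragment on the assumption that the nameserver is BIND 9 (the message does not name the software). 192.168.0.1 and the 192.168.0.0/24 LAN follow the message's example address; 192.0.2.53 is a placeholder for the ISP's DNS server.

```conf
// named.conf fragment: caching-only resolver that asks the ISP first.
// Assumptions: BIND 9; LAN is 192.168.0.0/24; this host is 192.168.0.1;
// 192.0.2.53 is a placeholder for the ISP's resolver address.

acl "lan" {
    127.0.0.0/8;        // this machine (resolv.conf points at 127.0.0.1)
    192.168.0.0/24;     // the other computers on the home network
};

options {
    // Answer only on loopback and the inside interface, never on the
    // Internet-facing address.
    listen-on { 127.0.0.1; 192.168.0.1; };
    listen-on-v6 { none; };

    // No zones are defined, so this server is authoritative for nothing;
    // it only resolves and caches on behalf of LAN clients.
    recursion yes;
    allow-query     { "lan"; };
    allow-recursion { "lan"; };   // anyone else is refused (no open resolver)

    // Ask the ISP's server first so its much larger shared cache is used.
    forwarders { 192.0.2.53; };
    // "first": fall back to resolving on our own only if the forwarder
    // gives no answer. "only" would never go out on its own.
    forward first;
};
```

Restricting listen-on and allow-recursion to the LAN keeps the extra service from being reachable by outside hosts, which limits the exposure the message mentions when it calls one more running program one more potential security hole.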