My kingdom for a working DNS

Rodolfo J. Paiz rpaiz at simpaticus.com
Thu Feb 5 16:13:07 UTC 2004


At 07:29 2/5/2004, you wrote:
>I noticed all posts talked about caching DNS. I
>haven't got the faintest idea of what it really is. I
>figure it's a system which checks with an external DNS
>(maybe the one in my resolv.conf now) and makes a copy
>of the whole list on my computer. Then I should point
>resolv.conf to 127.0.0.1. Is this right?

Close. A local (meaning "in your own network") caching nameserver does not 
authoritatively answer for any domains. All it does is help you find the 
answer to your DNS questions (resolve those queries, in technical-speak). 
The word "caching" comes in because, when it finds an answer, it caches 
that answer for some time in order to provide quicker answers to the next 
guy who asks, and also to reduce traffic on your outside Internet connection.

If you install a caching nameserver, then yes... it is best to point your 
resolv.conf to 127.0.0.1 and tell all other computers on your network to 
ask this one (not 127.0.0.1 but rather its network IP address, something 
like 192.168.0.1 probably). However, if you only have two or three 
machines, you may find yourself best served by not worrying about this at 
all and simply using your ISP's DNS server as you are doing now. That's the 
very reason they have one... so you don't have to. :-)

>1) Does this speed up my internet connection?

Not really. Your DNS server does the same amount of work that your ISP's 
server does, and likely takes just as long.

>2) Is it reliable? Supposing the DNS table changes,
>does the copy on my HD change the first time I connect
>to the net, or is there a manual procedure to update
>it?

Every given record has an expiration time; it's not a whole table. So you 
ask for www.yahoo.com, you get an answer, and that answer is kept in cache 
for 3 hours (as an example). That particular piece of data will expire in 3 
hours, and then the question will be asked again if needed. Within those 
first three hours, if you ask for www.yahoo.com again you will get an 
answer from the cache in about 1ms. Note that your ISP would return an 
answer almost as fast, within the same time frame of three hours or so, and 
with less work on your part.

>3) Brian Fahrlander said "Keep things simple to get
>the functionality, THEN improve it to make it easier
>on all those involved." Does that mean that caching
>DNS reduces the load on the net?

Yes, it reduces the traffic on the net somewhat (since now three people are 
all sharing a DNS server). This, however, assumes that you configure your 
DNS server to always ask your ISP's server /first/ before going out and 
finding the answer on its own. That's called a "forwarder", and setting one 
up allows you to take advantage of the fact that likely at least one of the 
thousands of customers your ISP has, wanted www.yahoo.com within the last 
three hours. If you don't check your forwarders first, then you will likely 
generate /more/ traffic for the Internet as a whole, not less.

Setting up your own DNS server has its benefits, and is not all that hard. 
What I'm trying to show is that, if all you're doing is surfing, and 
e-mail, and generally speaking you are a client and not a server for 
anything, doing your own DNS at home is likely more work than it's worth. 
And one more program running is one more potential security hole someday. 
So it's not a magic cure that everyone should take... it's a great and 
useful tool that /might/ be wonderful for you, but maybe not.


-- 
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com
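The per-record expiry and forwarder behaviour described in the reply above, as an added simulation that is not part of the original post. Everything in it is constructed: the hostnames, the RFC 5737 documentation addresses, the TTL values, the `IspServer` class standing in for the ISP's nameserver, and the `FakeClock` used to jump forward in time instead of waiting. It shows that only the record whose lifetime has passed gets re-fetched (there is no whole-table copy), and that three machines sharing one cache cost the ISP a single upstream query within the record's lifetime.

```python
"""Constructed simulation of a caching-only nameserver with a forwarder.
Added example; the names, addresses, TTLs and the ISP stand-in are made up."""

from dataclasses import dataclass


@dataclass
class Record:
    address: str
    ttl: int  # seconds a resolver may keep this answer (set by the zone's owner)


class FakeClock:
    """Manual clock so the example can advance time without sleeping."""

    def __init__(self):
        self.now = 0.0

    def advance(self, seconds):
        self.now += seconds

    def __call__(self):
        return self.now


# Constructed stand-in for the ISP's zone data (RFC 5737 example addresses).
ISP_ZONE_DATA = {
    "www.example.com": Record("192.0.2.10", ttl=3 * 3600),  # cacheable for 3 hours
    "mail.example.net": Record("198.51.100.7", ttl=60),     # cacheable for 1 minute
}


class IspServer:
    """Hypothetical ISP nameserver; counts every query that leaves the home network."""

    def __init__(self, data):
        self.data = data
        self.queries = 0

    def lookup(self, name):
        self.queries += 1
        return self.data[name]


class CachingResolver:
    """Caching-only resolver: authoritative for nothing, it remembers each answer
    until that record's own expiry passes, then asks the forwarder again."""

    def __init__(self, forwarder, clock):
        self.forwarder = forwarder
        self.clock = clock
        self.cache = {}  # name -> (Record, absolute expiry time)

    def resolve(self, name):
        now = self.clock()
        cached = self.cache.get(name)
        if cached is not None:
            record, expires_at = cached
            if now < expires_at:
                return record.address, "cache"
            del self.cache[name]  # only this record expired; the others stay valid
        record = self.forwarder.lookup(name)  # forwarder first, never on our own
        self.cache[name] = (record, now + record.ttl)
        return record.address, "forwarder"


def demo():
    """Three home machines share one cache; returns (answer sources, ISP query count)."""
    clock = FakeClock()
    isp = IspServer(ISP_ZONE_DATA)
    local = CachingResolver(isp, clock)
    sources = []
    # Three machines want www.example.com within a minute: one upstream query.
    for _ in range(3):
        sources.append(local.resolve("www.example.com")[1])
        clock.advance(20)
    sources.append(local.resolve("mail.example.net")[1])  # first ask: forwarder
    clock.advance(90)  # 1.5 minutes later: mail record expired, www still fresh
    sources.append(local.resolve("mail.example.net")[1])
    sources.append(local.resolve("www.example.com")[1])
    clock.advance(3 * 3600)  # past the 3-hour lifetime of the www record
    sources.append(local.resolve("www.example.com")[1])
    return sources, isp.queries


if __name__ == "__main__":
    print(demo())
```

Running `demo()` yields seven answers of which only four reached the ISP; swapping the constructed `IspServer` for a resolver that walks the root servers itself would be the "no forwarder" case the reply warns generates more traffic, not less.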




