dns question

Ed Greshko Ed.Greshko at greshko.com
Tue Jun 6 04:05:04 UTC 2006 

Don Russell wrote:

> Yes, I just looked at that... the file has a different name (named.ca),
> but it seems to describe all the root servers....
> 
> I gather that means my FC5 box is now using the root servers directly to
> resolve addresses instead of "lower", possibly caching, servers.

Not really...  Your DNS server is contacting the root servers and they
in turn are telling your server where to go to find the information.
Your server is then contacting that server for the information.

> hmmm, that doesn't sound good... :-(  But I'm pretty new to dns details....

Oh, it is actually OK/good.  You've set up what is referred to as a
caching name server.  To steal text from a site....

"A Caching Server obtains information from another server (a Zone
Master) in response to a host query and then saves (caches) the data
locally. On a second or subsequent request for the same data the Caching
Server will respond with its locally stored data (the cache) until the
time-to-live (TTL) value of the response expires at which time the
server will refresh the data from the zone master.

If the caching server obtains its data directly from a zone master it
will respond as 'authoritative', if the data is supplied from its cache
the response is 'non-authoritative'.

The default BIND behaviour is to cache and this is associated with the
recursion parameter (the default is 'recursion yes'). There are many
configuration examples which show caching behaviour being defined using
a type hint statement in a zone declaration. These configurations
confuse two distinct but related functions. If a server is going to
provide caching services then it must provide recursive queries and
recursive queries need access to the root servers which is provided via
the 'type hint' statement."

All that is well and good....but I would make sure that you don't allow
DNS queries from outside of your network.  For various reasons.

Ed


-- 
Shall we make a new rule of life from tonight: always to try to be a
little kinder than is necessary?
		-- J.M. Barrie

More information about the fedora-list mailing list