> My local resolver is going to to be the fastest for local
> email lookups, especially cached ones.
same here; as long as the local DNS resolver(s) are
correctly configured, they are in most (if not all) cases
faster than any external one and btw you have some
BIG pluses then since not only you can directly control
the values for cache and other parameters but using a
local resolver you'll also be able to keep *local* copies
of DNSBLs/URIBLs and speed up lookups a lot
For example, imagine having a box running BIND as the
recursive resolver; you may start by improving the whole
resolution process by just setting up a slave copy of the
root zones and sparing a lookup hop, this way
// forward root zone
zone "." {
type slave;
file "root.db";
notify yes;
masters {
192.5.5.241;
192.228.79.201;
192.33.4.12;
};
};
// reverse root zone (v4)
zone "in-addr.arpa" {
type slave;
file "inaddr.db";
notify yes;
masters {
192.5.5.241;
192.33.4.12;
};
};
the above means that YOUR BIND will keep local copies for both the
forward and reverse root zones so sparing a hop during lookups and
speeding up things; then, having a second box, you may install a copy
of "rbldnsd" (http://www.corpit.ru/mjt/rbldnsd.html) on it and host
LOCAL
copies of some DNSBLs, for example, assuming the rbldnsd box is
at IP 192.168.1.100 your BIND config may contain something like
zone "zen.spamhaus.org" {
type forward;
forward first;
forwarders { 192.168.1.100; };
};
zone "dul.dnsbl.sorbs.net" {
type forward;
forward first;
forwarders { 192.168.1.100; };
};
//.... add more as needed ...
the above means that the DNSBL lookups will be lightning fast and
they won't "bash" on the DNSBL servers so allowing you to carry on
a whole lot of queries w/o any "bandwidth capping"; by the way you
will have to arrange things with the various DNSBLs to be allowed to
transfer zones from them, but this isn't a problem, most zones will
allow that for free or for a decent fee and, as I wrote, your DNSBL
or URIBL lookups will be a greased lightning... and all this isn't
possible if you aren't running your OWN DNS resolvers
By the way, using external resolver is still ok in case you run a
small shop or are running a toy server, but other than that, if you
are taking things seriously, then having a decent local resolver
infrastucture and local copies of DNSBL/URIBL is the way to go
------------------------------------------------------------------------------
Return on Information:
Google Enterprise Search pays you back
Get the facts.
http://p.sf.net/sfu/google-dev2dev
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
