:On Sat, Apr 17, 1999 at 12:38:25PM -0700, Annelise Anderson wrote:
:>
:> I think it was, thanks. I changed the order of the nameservers
:> in resolv.conf and it no longer happens. :)
:
:What about setting up a caching DNS server on your machine ?
:You could configure forwarders.
:
:options {
:        directory "/etc/namedb";
:        forwarders {
:                aaa.bbb.ccc.ddd;
:        };
:};
:
:in /etc/resolv.conf
:
:domain your.domain
:nameserver 127.0.0.1
:
:Had to do many many (~600) DNS requests in a script and had
:a lame nameserver over network about 3-4 hops away.
:
:After configuring a local DNS server the script was much (!) faster.
:
:--
:Andreas Klemm http://www.FreeBSD.ORG/~andreas

I'm going to pass on a lesson I learned at BEST. Setting a forwarders
chain sucks, because named doesn't do the right thing with it -- even if
you have multiple entries, if the first one is unreachable it will create
a significant delay for nearly all your DNS requests which can seriously
degrade scripts and servers.

The safest way to set up a reliable DNS server is very similar to what
you have above, but without forwarders.

* You set up a local DNS server

* You install a root cache. i.e., no forwarders. No remote cache...
  only local caching.

  root.zone can be obtained from ftp.rs.internic.net as the file
  domain/root.zone.gz.

        zone "." {
                type hint;
                file "root.zone";
        };

* You then secondary the domains that are most critical for your
  machine's proper booting and operation. For example, at BEST each
  of our machines secondaries the best.com domain. You need to do this
  sort of thing to ensure that your machine is able to boot normally
  into a getty even when it is disconnected from the net, so you can at
  least log in to it from the console.

  This guarantees that the domains the system needs to boot are cached
  locally as of the time of the poweron/reboot. If not, the machine will
  still eventually finish booting, but it could take a long long time to
  get past all the myriad DNS timeouts.

        zone "best.com" {
                type slave;
                file "s/best.com";
                masters {
                        209.24.149.41;
                        209.157.102.11;
                        209.24.149.42;
                };
        };

By setting up your DNS this way, you generate a small amount of extra
net traffic but you get an order of magnitude better reliability out of
it. By forcing DNS to do lookups through the NS record structure, you
get around problems with ( for example ) domains which have lame
nameservers. The NS structure is a parallel/least-time poll. A
forwarders structure runs a sequential/timeout poll.

                                        -Matt
                                        Matthew Dillon
                                        <dil...@backplane.com>
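
A small lint for the layout recommended in the message above, added here as an example and not part of the original post or of BIND: it parses a subset of named.conf syntax and reports configured forwarders, a missing hint zone for ".", and critical zones that are not held locally. The function names, finding strings and the two sample configurations are assumptions constructed for illustration.

```python
import re

# Tokens: quoted strings, comments (dropped later), braces/semicolons, bare words.
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', re.S)

def parse(tokens):
    """Turn tokens into statements; a nested { ... } block becomes a sub-list."""
    stmts, cur = [], []
    while tokens:
        t = tokens.pop(0)
        if t == "{":
            cur.append(parse(tokens))
        elif t == "}":
            break
        elif t == ";":
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(t.strip('"'))
    return stmts

def audit_named_conf(text, critical_zones=()):
    """Return findings that deviate from the forwarder-free, local-cache layout."""
    tokens = [t for t in TOKEN.findall(text) if not t.startswith(("//", "/*", "#"))]
    forwarders, zones = [], {}
    for stmt in parse(tokens):
        body = stmt[-1] if isinstance(stmt[-1], list) else []
        if stmt[0] == "options":
            for opt in body:
                if opt[0] == "forwarders" and isinstance(opt[-1], list):
                    forwarders += [addr[0] for addr in opt[-1]]
        elif stmt[0] == "zone" and len(stmt) > 1:
            zones[stmt[1]] = {opt[0]: opt[1:] for opt in body}
    findings = []
    if forwarders:  # every miss waits on these servers in order
        findings.append("forwarders set: " + ", ".join(forwarders))
    if zones.get(".", {}).get("type") != ["hint"]:
        findings.append('no hint zone for "."')
    for name in critical_zones:  # zones the host needs to boot while offline
        if (zones.get(name, {}).get("type") or [None])[0] not in ("slave", "master"):
            findings.append("critical zone not held locally: " + name)
    return findings

# Constructed sample inputs modelled on the two configurations in the thread.
FORWARDING = 'options { directory "/etc/namedb"; forwarders { aaa.bbb.ccc.ddd; }; };'
LOCAL_CACHE = ('options { directory "/etc/namedb"; };  // no forwarders\n'
               'zone "." { type hint; file "root.zone"; };\n'
               'zone "best.com" { type slave; file "s/best.com"; masters { 209.24.149.41; }; };')
```

Call `audit_named_conf(open("/etc/namedb/named.conf").read(), ["your.domain"])` with the zones your host needs at boot; an empty list means the file matches the layout described.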