--- Frank Tegtmeyer <[EMAIL PROTECTED]> wrote: > Joshua Banks <[EMAIL PROTECTED]> writes: > > > Where are you getting this info?? > > The info about the changes was from the README of the patch that > changes the dnscache behaviour. > (/usr/portage/distfiles/djbdns-1.04-fwdzone.patch)
Was this patch automatically applied when I emerged "djbdns" ?? Or is this something that I have to manually apply? When I do a "qpkq -I -v" this patch isn't listed. So is it safe to assume that this isn't applied then?? > > > I have a forwarding cache setup right now and it works like a charm. > > It talks to one up stream dns server at the isp and works fine. > > The point is not *if* it works, but what consequences this > introduces. See below. > > Forwarding may be necessary if your internet connection is slow, but > even then I prefer to avoid forwarding. If you have a slow connection, > dnscache will be a bit slow after startup but later it will typically > have much of the requested information in its cache. Also a computer > behind a slow connection normally does not use DNS heavily, so it will > not add that much to bandwith use. > > > And why would someone not want to use forwarding? You made the > > comment that forwarding isn't reccomended but don't say why. > > If you use forwarding you solely rely on the recursive dns server that > you forward to. You rely on: > - that it is available at all > - that it does resolving correctly (not always given) > - that its administrators respect your privacy and don't analyze your > request patterns > - that nobody plays cache tricks to get more information about you Wouldn't the above apply to how this is setup normally...regardless of having a forwarding caching server setup internally??... I.E..clients resolvers pointing to 2 upstream dns servers. > > > But in my case I think this is just forwarding the client dns > > request's like normal. > > Your dnscache gets the client requests, they are forwarded to your > forward server that does the resolving. The answer is the cached by > your dnscache and given to the client. > There is one step too much here, isn't it? Not that I can see. Not sure what you mean.?? > > > Maybe your talking about TinyDns?? NO..?? > > No. > > > I installed "djbdns" strictly for the ability to act as a caching > > server as well as a dns forwarding agent that the other pc's point > > to when making dns requests. > > dnscache's primary task is resolving. This is done in an efficient and > secure way. Caching is a secondary thing. Forwarding was introduced > only for some rare cases (firewall setups etc.). The initial dnscache > code even didn't contain forwarding possibilities. > So you don't use the core function of dnscache. Maybe you confuse > forwarding with resolving? Ummm. I don't know. I thought in my type of setup that its doing both. I thought that when forwarding it was more or less acting like a proxy on behalf of the clients that point to it. > > When I rebooted "svscan" didn't start at boot which I find a little > > strange so I guess I need to add this to the default runlevel with > > the "rc-update add svscan default". Sorry for the rant. > > This info is displayed when emerging daemontools, I think. But I may > be wrong here. What info?? > > I followed this doc and this works exactly as I envisioned wanting > > it too.... > > http://cr.yp.to/djbdns/run-cache-x-home.html > > Maybe this worked in an older ebuild, the actual one contains the > fwdzone patch. Are you sure, that forwarding works? Are you sure you > used the ebuild and didn't build from source by hand? Remember that my > first comment was about the ebuild. Yes this is the latest stable ebuild that came with the patch. I didn't know that the patch was included at first until you told me where to look. I suppose if I had been watching the emerge compile process at the time of compilation then I would've noticed. Forwarding must work because I have two internal clients that are soley pointing their dns resolvers at my server that is running the forwarding cache at 192.168.1.1. They get dns resolution so I would have to assume that this is working correctly.... NO?? Thanks for the response Frank. You've been very helpful. Joshua Banks __________________________________ Do you Yahoo!? Exclusive Video Premiere - Britney Spears http://launch.yahoo.com/promos/britneyspears/ -- [EMAIL PROTECTED] mailing list