From: "Ewald Wasscher" <[EMAIL PROTECTED]>
> Like eh, me? I'll leave dnscache to Jacques of course. Does anyone
think
> it makes sense to use the "new" FORWARDONLY option (since djbdns
1.03)?
> It seems to me that especially on a slow dialup line it will be slower
> to let the firewall do dns-resolution than to use the ISP nameservers.
First of all some background material I found interesting on this issue:
http://cr.yp.to/djbdns/faq/cache.html#forwardonly
http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-server-roles.html
http://www.faqts.com/knowledge_base/view.phtml/aid/8895
AFAIK I am not a big fan of using ISP DNS:
1/ One of the most interesting feature of dsncache is to resolve domain
names starting from root servers and you are therefore certain to get
the most up to date information.
2/ You get imunized from possible attacks against your ISP DNS.
3/ Your dnscache will store in memory the adresses you are using the
more frequently
4/ Most LRP boxes are permanently linked to Internet.
5/ When I use dnscache on my laptop with a dial-up compuserve connection
I never have significant response problem.
But if some really wants to run dnscache with forwardonly it's really
easy to setup --> see first hyperlink above
Cheers
Jacques
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
