At 09:38 PM 1/5/02 -0500, you wrote:
> > X-Sender: [EMAIL PROTECTED]
> > From: Julian Opificius <[EMAIL PROTECTED]>
> >
> > Hi Dave,
> > Comments below.
>
>I think I understand what you said, but other than the forward lines,
>nowhere else are my ISP's DNS servers specified. How else do I tell it
>to look there first if it's not in its local cache?

Ah! That's the magic of DNS! Read on ...

I've been dredging through O'Reilly for the past couple of hours. Here's 
what I think I know:-

Keep in mind through all this that the DNS service has nothing to do with 
the resolver of the local IP stack.

The whole DNS phenomenon is made up of two parts: the DNS server, and the 
IP stack's resolver.

On a "regular" machine, the IP stack's resolver goes UPSTREAM to the DNS 
servers specified in resolv.conf to resolve IP addresses for remote hosts. 
Normally, that would also happen for local requests from a DNS server, by 
the way. More on that in a moment.

The local DNS server is running bind, which handles requests from 
DOWNSTREAM hosts programmed to come to it for DNS resolution.

To answer your question Dave:- ignoring forwarding, for a moment, the first 
time a request is made to named it goes to /var/named/named.ca to get the 
root servers' addresses and starts there. Your server makes iterative 
requests (look it up in the book!) using data provided by the root servers, 
going on down the line, until it finds the answer it needs. Yes, that means a 
lot of work at first, but that's what caching is all about.

Now, if you put a forwarder statement in your zone file, then your DNS 
server will go to your ISP's DNS server(s) before trying to resolve an 
address itself. Your ISP's DNS server has to do all the work. That's fine: 
this will reduce the load on your machine's DNS server. Your DNS server will 
still cache the results, however. The forwarding statement only changes HOW 
it goes about getting names resolved, it doesn't stop it from caching the 
results.

Now, on to forwarding.
Given the setup I was talking about in the first place was four machines on 
a LAN, one of which was a Linbox running bind, there's no point in running 
a DNS server in the first place if all I'm going to do is concentrate all 
DNS requests to the Linbox then pass them up to my ISP's DNS server, is 
there? I might as well point each of my LAN workstations at my ISP's DNS 
server and be done with it. They'd all go to my ISP's server individually for 
their answers.

You see, in one of the references Dave made yesterday, it was claimed that 
setting up a forwarding server reduces local network load. I assure you DNS 
requests don't amount to a hill of beans on even a modest LAN, compared to 
the actual data that is transferred once the address is resolved. Look at 
the size of even a modest web page these days.

Again, the point of forwarding servers was to have one locally, so one 
could concentrate all DNS requests on a MULTI DNS SERVER network (i.e. a 
LARGE one), and reduce what would be assumed to be a large amount of 
largely repetitive DNS related traffic over the road to your ISP. On a 
single DNS server network that would be almost pointless.

All that notwithstanding (you can tell I'm a Brit, can't you?!)
The ONE reason I can see to use one's ISP's DNS server as a forwarding 
server is to reduce the DNS processing load on your own DNS server if it 
isn't very powerful, or has other things to do, such as be a workstation.

Not that it wouldn't work perfectly well, it's just that that wasn't its 
intended purpose, and I like to be aware of the basic philosophy of the 
issue, because it helps learning and understanding.

Lastly, the issue of the IP stack resolver on your DNS server itself. 
Actually, the DNS server entries in resolv.conf aren't necessary if the DNS 
box is set to use itself for DNS, which is typical.

I understand this whole thing better now, but I still have a way to go. 
Thanks for accompanying me on the journey, and being so helpful. I hope I 
can repay your efforts soon.

julian.
==============================

>Dave
>
>
>
>_______________________________________________
>Redhat-list mailing list
>[EMAIL PROTECTED]
>https://listman.redhat.com/mailman/listinfo/redhat-list

----------------------------------------------------------------
Just because I'm paranoid doesn't mean they aren't after me ...

Julian Opificius. ICQ 3268206.
----------------------------------------------------------------
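
The caching-plus-forwarding setup discussed in this message, as an added example that is not part of the original post: a BIND named.conf fragment for a small LAN. The LAN range and the ISP resolver addresses are constructed placeholders, and the recursion restriction is an added hardening assumption, not something the thread mentions.

```conf
// Constructed example: caching name server for a small LAN (BIND named.conf).
// 192.0.2.1 and 192.0.2.2 are placeholders for the ISP's DNS servers;
// 192.168.1.0/24 is an assumed LAN range.

acl lan { 127.0.0.1; 192.168.1.0/24; };

options {
    directory "/var/named";

    // With forwarders set, named sends queries it cannot answer from its
    // cache to these servers and caches whatever they return.
    forwarders { 192.0.2.1; 192.0.2.2; };

    // "forward first": if the forwarders do not answer, fall back to
    //                  iterating down from the root servers locally.
    // "forward only":  never fall back; resolution depends entirely
    //                  on the forwarders being reachable.
    forward first;

    // Answer recursive queries for the LAN and the box itself only, so
    // the server is not an open resolver for anyone who can reach port 53.
    allow-recursion { lan; };
};

// Root hints: where named starts when no forwarders are configured, or
// when "forward first" falls back to doing the iteration itself.
zone "." {
    type hint;
    file "named.ca";
};
```

Removing the `forwarders` and `forward` lines gives the plain caching server described earlier in the message, which resolves everything itself starting from the root hints.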


