BIND with forward first as caching DNS?
Hello,

I'm no DNS expert, so am wondering if I am shooting myself in the foot by having forwarders set up in my BIND config file, especially with forward first:

    options {
        directory "/var/named";
        forward first;
        forwarders { xxx.xxx.x.x; yyy.yyy.y.y; };
    };

Where xxx and yyy are the DNS servers for my colo provider where I host the system in question. Does this defeat the purpose of local caching or am I OK?
RE: BIND with forward first as caching DNS?
> I'm no DNS expert, so am wondering if I am shooting myself in the foot by having forwarders set up in my BIND config file, especially with forward first:
>
> Where xxx and yyy are the DNS servers for my colo provider where I host the system in question. Does this defeat the purpose of local caching or am I OK?

No. Resolution by forwarders is also cached by the requesting (forwarding) DNS server.

It does expose you to any corruption (e.g., cache pollution) of your colocator's DNS -- but if you trust them to do as good or better job of running DNS securely (than you can do) then that probably doesn't matter. (You did say you are not an expert.)

-- Herb Martin
RE: BIND with forward first as caching DNS?
--- Herb Martin [EMAIL PROTECTED] wrote:

> > I'm no DNS expert, so am wondering if I am shooting myself in the foot by having forwarders set up in my BIND config file, especially with forward first:
> >
> > Where xxx and yyy are the DNS servers for my colo provider where I host the system in question. Does this defeat the purpose of local caching or am I OK?
>
> No. Resolution by forwarders is also cached by the requesting (forwarding) DNS server.
>
> It does expose you to any corruption (e.g., cache pollution) of your colocator's DNS -- but if you trust them to do as good or better job of running DNS securely (than you can do) then that probably doesn't matter. (You did say you are not an expert.)

Thank you!
RE: BIND with forward first as caching DNS?
Herb, this is just FYI. I am *NOT* sending from a fake Yahoo server - this mail was legit, so seems like your server is being a little over-zealous?

--- [EMAIL PROTECTED] wrote:

> Date: 17 Aug 2005 23:16:08 -
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: failure notice
>
> Hi. This is the qmail-send program at yahoo.com.
> I'm afraid I wasn't able to deliver your message to the following addresses.
> This is a permanent error; I've given up. Sorry it didn't work out.
>
> [EMAIL PROTECTED]:
> 68.178.144.61 does not like recipient.
> Remote host said: 550 Fake Yahoo mail
> Giving up on 68.178.144.61.
>
> --- Below this line is a copy of the message.
>
> Return-Path: [EMAIL PROTECTED]
> Received: (qmail 69465 invoked by uid 60001); 17 Aug 2005 23:16:02 -
> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=kFeUKnrDxm4Y+XJNGAjmiKk5ZWlKlRIwiDc4zVNhgR4CyXMc/1LVYUdp+By5RVeAggd2+s0RB2WJIbrG+yE8PxHHW+1BqYEtK+MMxJUkTh49JFhGn0NEWiKgHcDmqS06AYxSsU3U+itOkbDn+2aLfIkMKzRdoPfAztHWnEMdiIQ= ;
> Message-ID: [EMAIL PROTECTED]
> Received: from [64.171.185.165] by web51909.mail.yahoo.com via HTTP; Wed, 17 Aug 2005 16:16:02 PDT
> Date: Wed, 17 Aug 2005 16:16:02 -0700 (PDT)
> From: email builder [EMAIL PROTECTED]
> Subject: RE: BIND with forward first as caching DNS?
> To: Herb Martin [EMAIL PROTECTED], users@spamassassin.apache.org
> In-Reply-To: [EMAIL PROTECTED]
> MIME-Version: 1.0
> Content-Type: text/plain; charset=iso-8859-1
> Content-Transfer-Encoding: 8bit
Re: BIND with forward first as caching DNS?
email builder wrote:

> Hello, I'm no DNS expert, so am wondering if I am shooting myself in the foot by having forwarders set up in my BIND config file, especially with forward first:
>
>     options {
>         directory "/var/named";
>         forward first;
>         forwarders { xxx.xxx.x.x; yyy.yyy.y.y; };
>     };
>
> Where xxx and yyy are the DNS servers for my colo provider where I host the system in question. Does this defeat the purpose of local caching or am I OK?

If you run bind, it will cache. Don't forget to make it master for localhost and 127.
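
Added example (not from any poster in the thread): a named.conf for a local caching resolver that combines the points made above, namely forwarding with fallback, local caching of forwarded answers, a guard against forwarder cache pollution, and master zones for localhost and the loopback reverse zone. The forwarder addresses (192.0.2.x documentation placeholders), the zone file names, the loopback-only listener, and reading "127." as the 127.in-addr.arpa reverse zone are assumptions; dnssec-validation needs a BIND 9 release that supports it and forwarders that pass DNSSEC records through.

```conf
// Local caching resolver. Values marked "assumed" or "placeholder"
// are not from the thread.
options {
    directory "/var/named";

    // Serve only this host (assumed: the resolver is used locally).
    listen-on { 127.0.0.1; };
    allow-query { localhost; };
    allow-recursion { localhost; };

    // Ask the colo provider's resolvers first; their answers are cached
    // here for the record's TTL. "first" falls back to normal iterative
    // resolution when the forwarders do not answer; "only" never falls back.
    forward first;
    forwarders {
        192.0.2.1;   // placeholder for xxx.xxx.x.x
        192.0.2.2;   // placeholder for yyy.yyy.y.y
    };

    // Validate DNSSEC-signed answers so that polluted data from a
    // forwarder's cache is rejected instead of cached. Unsigned zones
    // get no protection from this setting.
    dnssec-validation auto;
};

// Answer loopback names locally instead of forwarding them.
zone "localhost" {
    type master;
    file "localhost.zone";    // assumed file name
};

zone "127.in-addr.arpa" {
    type master;
    file "named.local";       // assumed file name
};
```

Running `named-checkconf` against the file catches syntax errors such as a missing semicolon inside `forwarders { }` before named is reloaded.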