Re: BIND with "forward first" as caching DNS?

2005-08-17 Thread mouss 

email builder a écrit :


Hello,

 I'm no DNS expert, so am wondering if I am shooting myself in the foot by
having "forwarders" set up in my BIND config file, especially with "forward
first":

options {
   directory "/var/named";
   forward first;
   forwarders {
   xxx.xxx.x.x
   yyy.yyy.y.y
   };
};

 Where xxx and yyy are the DNS servers for my colo provider where I host the
system in question.  Does this defeat the purpose of local caching or am I
OK?
 

If you run bind, it will cache. don't forget to make it "master" for 
localhost and 127.

RE: BIND with "forward first" as caching DNS?

2005-08-17 Thread email builder 
Herb, this is just FYI.  I am *NOT* sending from a fake Yahoo server - this
mail was legit, so seems like your server is being a little over-zealous?


--- [EMAIL PROTECTED] wrote:

> Date: 17 Aug 2005 23:16:08 -
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: failure notice
> 
> Hi. This is the qmail-send program at yahoo.com.
> I'm afraid I wasn't able to deliver your message to the following
> addresses.
> This is a permanent error; I've given up. Sorry it didn't work out.
> 
> <[EMAIL PROTECTED]>:
> 68.178.144.61 does not like recipient.
> Remote host said: 550 Fake Yahoo mail
> Giving up on 68.178.144.61.
> 
> --- Below this line is a copy of the message.
> 
> Return-Path: <[EMAIL PROTECTED]>
> Received: (qmail 69465 invoked by uid 60001); 17 Aug 2005 23:16:02 -
> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
>   s=s1024; d=yahoo.com;
>  
>
h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
>  
>
b=kFeUKnrDxm4Y+XJNGAjmiKk5ZWlKlRIwiDc4zVNhgR4CyXMc/1LVYUdp+By5RVeAggd2+s0RB2WJIbrG+yE8PxHHW+1BqYEtK+MMxJUkTh49JFhGn0NEWiKgHcDmqS06AYxSsU3U+itOkbDn+2aLfIkMKzRdoPfAztHWnEMdiIQ=
>  ;
> Message-ID: <[EMAIL PROTECTED]>
> Received: from [64.171.185.165] by web51909.mail.yahoo.com via HTTP; Wed,
> 17 Aug 2005 16:16:02 PDT
> Date: Wed, 17 Aug 2005 16:16:02 -0700 (PDT)
> From: email builder <[EMAIL PROTECTED]>
> Subject: RE: BIND with "forward first" as caching DNS?
> To: Herb Martin <[EMAIL PROTECTED]>, users@spamassassin.apache.org
> In-Reply-To: <[EMAIL PROTECTED]>
> MIME-Version: 1.0
> Content-Type: text/plain; charset=iso-8859-1
> Content-Transfer-Encoding: 8bit
> 
> 
> 
> --- Herb Martin <[EMAIL PROTECTED]> wrote:
> 
> > > 
> > >   I'm no DNS expert, so am wondering if I am shooting myself 
> > > in the foot by having "forwarders" set up in my BIND config 
> > > file, especially with "forward
> > > first":
> > 
> > >   Where xxx and yyy are the DNS servers for my colo provider 
> > > where I host the system in question.  Does this defeat the 
> > > purpose of local caching or am I OK?
> > 
> > No.  Resolution by forwarders is also cached by
> > the requesting (forwarding) DNS server.
> > 
> > It does expose you to any corruption (e.g., cache
> > polution) of your colocator's DNS -- but if you
> > trust them to do as good or better job of running
> > DNS securely (than you can do) then that probably
> > doesn't matter. (You did say you are not an expert.)
> 
> Thank you!
> 
> 
>   
> 
> Start your day with Yahoo! - make it your home page 
> http://www.yahoo.com/r/hs 
>  
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

RE: BIND with "forward first" as caching DNS?

2005-08-17 Thread email builder 


--- Herb Martin <[EMAIL PROTECTED]> wrote:

> > 
> >   I'm no DNS expert, so am wondering if I am shooting myself 
> > in the foot by having "forwarders" set up in my BIND config 
> > file, especially with "forward
> > first":
> 
> >   Where xxx and yyy are the DNS servers for my colo provider 
> > where I host the system in question.  Does this defeat the 
> > purpose of local caching or am I OK?
> 
> No.  Resolution by forwarders is also cached by
> the requesting (forwarding) DNS server.
> 
> It does expose you to any corruption (e.g., cache
> polution) of your colocator's DNS -- but if you
> trust them to do as good or better job of running
> DNS securely (than you can do) then that probably
> doesn't matter. (You did say you are not an expert.)

Thank you!




Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs

RE: BIND with "forward first" as caching DNS?

2005-08-17 Thread Herb Martin 
> 
>   I'm no DNS expert, so am wondering if I am shooting myself 
> in the foot by having "forwarders" set up in my BIND config 
> file, especially with "forward
> first":

>   Where xxx and yyy are the DNS servers for my colo provider 
> where I host the system in question.  Does this defeat the 
> purpose of local caching or am I OK?

No.  Resolution by forwarders is also cached by
the requesting (forwarding) DNS server.

It does expose you to any corruption (e.g., cache
polution) of your colocator's DNS -- but if you
trust them to do as good or better job of running
DNS securely (than you can do) then that probably
doesn't matter. (You did say you are not an expert.)


--
Herb Martin