enable DNS

Rodolfo J. Paiz rpaiz at simpaticus.com
Sat Jun 12 20:13:50 UTC 2004 

At 20:37 6/11/2004, Kenneth Porter wrote:
>--On Friday, June 11, 2004 2:55 PM -0400 David Collantes 
><david at bus.ucf.edu> wrote:
>
>>You do not need to run DNS to do what you are trying to do, but you need
>>to list a valid (or more than one) DNS on your /etc/resolv.conf, which
>>should contain:
>>
>>search dnsdomainname.com
>>nameserver XXX.XXX.XXX.XXX
>>nameserver XXX.XXX.XXX.XXX
>>
>>Of course, XXX.XXX.XXX.XXX are the IP of the DNS you are going to use.
>>Done!
>
>But it's nice to run your own caching server to reduce traffic and you 
>eliminate dependence on your ISP's servers. To do this, install the 
>caching-nameserver RPM package. It's a config file for BIND (named) that 
>runs it only as a caching server. Then enable and start the named service.
>
>Finally, in /etc/resolv.conf, set the nameserver to 127.0.0.1 so that it 
>will consult your new caching nameserver.

Note that this is *only* beneficial when there are at least several, and 
hopefully lots, of machines in your local network. For just one or two 
machines it's an additional point of failure, an additional hop/step in 
name resolution, and just plain more work. I generally do not recommend it 
unless you are service *at least* five machines and you also *like* to do 
additional work (masochism, the learning experience, whatever).

Also, simply installing and configuring a caching nameserver without 
additional configuration means that every two-bit network out there is 
harassing the root servers directly which is incredibly rude. Nameservers 
are set up hierarchically *specifically* to spread out load and reduce 
duplicate requests, and your ISP's DNS servers likely serve up name 
resolution for 10,000 machines or more. You should always have your own 
caching-nameserver set up to forward queries to your ISP's servers *FIRST* 
and only query the root servers if that fails.

Not only is that the correct, courteous, proper way to do it, it's actually 
faster on average since in many cases your ISP's servers *will* have the 
name you want in their cache so you'll get a fast, one-hop response. Even 
if the ISP's servers are down, then your named process will still 
transparently and automatically query the root servers directly, so it's 
more fault-tolerant as well. Add this to your named.conf at the top in the 
"options" section where the directory is set:

    forward first;
    forwarders { 111.111.111.111; 222.222.222.222; };

and you're done! Simple, very simple, and much better in every possible way.

Cheers,


-- 
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com

More information about the fedora-list mailing list