enable DNS
Rodolfo J. Paiz
rpaiz at simpaticus.com
Sun Jun 13 01:16:16 UTC 2004
At 15:49 6/12/2004, Kenneth Porter wrote:
>On a network with restricted access to the Internet, this makes sense, as
>you reduce the use of the scarce resource, your small pipe. For a machine
>with a broadband or better connection, you would suffer the cost of the
>extra hop going through a forwarder if there's a cache miss, which makes
>performance highly dependent on the characteristics of your forwarder's
>cache. It also makes you vulnerable to misconfiguration of the forwarder.
>(Ask Comcast/ATTBI customers about that when it happened a couple years
>ago for a couple months and screwed up Win2k users. Win2k's client caching
>resolver locks to the first server returning a reply, and it would
>randomly lock to ATTBI servers with bad information.) A root hints system
>removes your forwarders as points of failure. You bypass them and go
>straight to the authoritative servers for each domain.
Kenneth, while your comment is technically correct, in my not-so-humble
opinion it is a very poor recommendation to give others. Having every
nickel-and-dime home network go straight to the root servers is going to
create exponential growth of the load on those servers; the fact that large
backbone providers serve ISPs who in turn serve their customers is one of
the things that helps make the Internet scalable.
As an example: say there are only three layers of service providers between
the typical home/SOHO/smallbiz network and the root servers. If there were
only 1,000 companies in each layer (which is ridiculously small) and only
5% of the typical small networks went straight to the root servers, then one
can see that out of 1,000,000,000 (one billion) small networks, there
would now be an additional 50,000,000 (fifty million) small networks
directly querying the root servers. Those numbers add up, man.
For the huge majority of people, the *proper* way to configure a
caching-nameserver is to set up one or two forwarders to be checked first
before going to the root servers. The additional penalty in speed is in
milliseconds (which those small networks won't even notice), and the
potential for cache poisoning, while real, is also tiny. I very, very
strongly disagree with your advice: it is technically correct and valid,
but sadly lacking in netiquette and good network design.
Cheers,
--
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com
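
The forwarder-first setup described in the message above, written as a BIND named.conf fragment. This is an added example, not part of the original post: the forwarder addresses are placeholders from the documentation ranges, and the directory and hints file name are assumptions based on the stock caching-nameserver layout.

```conf
options {
    directory "/var/named";            // assumed path

    // Resolvers to ask first. Placeholder addresses: replace with the
    // caching resolvers your ISP or upstream provider publishes.
    forwarders { 192.0.2.53; 198.51.100.53; };

    // "first": try the forwarders, and fall back to iterating from the
    // root hints only if they do not answer. "only" would never contact
    // the root servers, making the forwarders a hard dependency.
    // Removing "forwarders" and "forward" gives the root-hints-only
    // setup described in the quoted text.
    forward first;

    // Answer recursive queries from local clients only, so the cache
    // cannot be filled or queried by arbitrary outside hosts.
    allow-recursion { localhost; localnets; };
};

// Root hints, used for the fallback path.
zone "." IN {
    type hint;
    file "named.ca";                   // assumed hints file name
};
```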