enable DNS

Rodolfo J. Paiz rpaiz at simpaticus.com
Sun Jun 13 01:16:16 UTC 2004


At 15:49 6/12/2004, Kenneth Porter wrote:
>On a network with restricted access to the Internet, this makes sense, as 
>you reduce the use of the scarce resource, your small pipe. For a machine 
>with a broadband or better connection, you would suffer the cost of the 
>extra hop going through a forwarder if there's a cache miss, which makes 
>performance highly dependent on the characteristics of your forwarder's 
>cache. It also makes you vulnerable to misconfiguration of the forwarder. 
>(Ask Comcast/ATTBI customers about that when it happened a couple years 
>ago for a couple months and screwed up Win2k users. Win2k's client caching 
>resolver locks to the first server returning a reply, and it would 
>randomly lock to ATTBI servers with bad information.) A root hints system 
>removes your forwarders as points of failure. You bypass them and go 
>straight to the authoritative servers for each domain.

Kenneth, while your comment is technically correct, in my not-so-humble 
opinion it is a very poor recommendation to give others. Having every 
nickel-and-dime home network go straight to the root servers is going to 
create exponential growth of the load on those servers; the fact that large 
backbone providers serve ISPs who in turn serve their customers is one of 
the things that helps make the Internet scalable.

As an example: say there are only three layers of service providers between 
the typical home/SOHO/smallbiz network and the root servers. If there were 
only 1,000 companies in each layer (which is ridiculously small) and only 
5% of the typical small networks went straight to the rootservers, then one 
can see that out of 1,000,000,000 (one billion) small networks, there 
would now be an additional 50,000,000 (fifty million) small networks 
directly querying the rootservers. Those numbers add up, man.

For the huge majority of people, the *proper* way to configure a 
caching-nameserver is to set up one or two forwarders to be checked first 
before going to the root servers. The additional penalty in speed is in 
milliseconds (which those small networks won't even notice), and the 
potential for cache poisoning, while real, is also tiny. I very, very 
strongly disagree with your advice: it is technically correct and valid, 
but sadly lacking in netiquette and good network design.

Cheers,


-- 
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com
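An added illustration of the forwarders-first layout recommended above (not part of the original thread): a BIND 9 `named.conf` for a small-network caching nameserver, assuming BIND is the resolver in use, that 192.0.2.53 and 192.0.2.54 stand in for the ISP's resolvers, and that 192.168.1.0/24 is the local LAN.

```conf
// Added example: BIND 9 named.conf for a small-network caching nameserver.
// 192.0.2.53 / 192.0.2.54 are placeholder addresses for the upstream
// (ISP) resolvers; 192.168.1.0/24 is an assumed local network.
options {
    directory "/var/named";

    // Serve recursive lookups only to the local network, so the cache
    // does not become an open resolver for the whole Internet.
    listen-on       { 127.0.0.1; 192.168.1.1; };
    allow-query     { 127.0.0.1; 192.168.1.0/24; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };

    // The layout the post recommends: ask the upstream caches first and
    // only iterate down from the root servers if they fail to answer.
    // "forward only" would never fall back, which is what turns a broken
    // forwarder into the single point of failure Kenneth describes.
    forward first;
    forwarders {
        192.0.2.53;
        192.0.2.54;
    };
};

// Root hints are still required so the fallback in "forward first" works;
// the hints file ships with the caching-nameserver / bind packages.
zone "." IN {
    type hint;
    file "named.ca";
};
```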
