TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
 ·Verizon Online DSL
| reply to Matt
Re: $20,000 a day?
said by Matt  :... Where do you think the caching DNS server gets it's answers? Directly from the ROOT servers, totally bypassing your ISP. The root server points you directly to the authoritative DNS server of the domain you want to access.
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. |
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
| said by TamaraB :said by Matt :... Where do you think the caching DNS server gets it's answers? Directly from the ROOT servers, totally bypassing your ISP. The root server points you directly to the authoritative DNS server of the domain you want to access. Bob You're correct. I was confusing a caching name server with a name server that is authoritative for a specific zone. If you have a zone configured, your name server requires a forwarder for all zones it's not authoritative for.
I run DNS for my LAN, which was causing my confusion. |
|
DarkLogix
join:2008-10-23
Baytown, TX | By default windows dns servers (meaning windows servers with the DNS role added)
point to the root servers so you don't have to set the forwarders and it regularly updates its root hints file |
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
| said by DarkLogix :By default windows dns servers (meaning windows servers with the DNS role added) point to the root servers so you don't have to set the forwarders and it regularly updates its root hints file Unless you configure a zone. I run MS DNS at home and if you configure a forward lookup zone (like I have for my LAN, universe.local) and don't configure forwarders, it will return an NXDOMAIN result for any domain that isn't universe.local. |
|
DaSneaky1D
one wall to block them all
Premium,MVM
join:2001-03-29
The Lou
 ·Charter Pipeline
| reply to TamaraB
Why do you need to get answers from the authoritative servers? It'll take 100ms or more to get an answer due to routing distance, rather than asking OpenDNS's server at half the resolution time.
While I understand the "cool" factor of it (btw, you're really not asking a root server for anything, only the TLD servers), you're likely only asking for an "A" or "MX" record for most DNS request. Why not get it from the quickest responding server and simply cache it again locally?
--
:: my trivial ramblings :: |
|
DarkLogix
join:2008-10-23
Baytown, TX
·Comcast Workplace
·Comcast
| reply to Matt
You just need to check the root hints list
I have an MS dns server at home as well and didn't set any forwards and just rechecked the root hints
and internal dns for my website works aswell as resolving external
and I have reverce and forward zones but not forwarders |
|
DarkLogix
join:2008-10-23
Baytown, TX | on the other hand I also have it runing as a domain controler |
|
espaeth
Digital Plumber
Premium,MVM
join:2001-04-21
Minneapolis, MN
 ·voip.ms
·Vitelity VOIP
·Callcentric
·VoiceStick
·ViaTalk
·Comcast
·Embarq
1 edit | reply to TamaraB
said by TamaraB :Directly from the ROOT servers, totally bypassing your ISP. The root server points you directly to the authoritative DNS server of the domain you want to access. Not quite. The root DNS servers only serve up "com" "net" "org" and the other top level domains. They pass you off to authoritative servers for the TLD (such as the gtld servers for .com/.net) who respond with the authoritative servers for the domain.
On your first query of "www.dslreports.com" you need to ask the root servers about ".com", the gtld servers about "dslreports.com" and the dslreports authoritative servers about "www.dslreports.com"
If you use a good caching server, you can get the same information in a single query.
In nearly all cases, not taking advantage of a good caching server will still get you results, but it will come at a significant lookup latency penalty. |
|
funchords
Hello
Premium,MVM
join:2001-03-11
Washington, DC | I have just started learning about mDNS (Zeroconf, Bonjour) and I'm wondering what you think of it as an alternative to dedicating a machine to running DNS for a LAN? |
|
whosmatt
join:2005-02-28
Raleigh, NC
| reply to Matt
The correct distinction is forwarding DNS server (dnsmasq found in most residential gateway appliances) vs recursive dns server (BIND,windows, etc can do both), which takes a query, starts with the root servers, and keeps going until it ultimately gets the answer it wants.
dnsmasq in its default setting will forward queries to another server or servers. one very useful feature of dnsmasq is that you can have it simultaneously forward to multiple servers and return whatever result comes back fastest.
-m |
|
funchords
Hello
Premium,MVM
join:2001-03-11
Washington, DC | Is dnsmasq the same thing as "DNS relay"? TIA -- |
|
espaeth
Digital Plumber
Premium,MVM
join:2001-04-21
Minneapolis, MN | dnsmasq is a lightweight caching DNS / local DHCP server:
»www.thekelleys.org.uk/dnsmasq/doc.html |
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
| reply to funchords
said by funchords :Is dnsmasq the same thing as "DNS relay"? TIA -- It can act as a DNS relay, yes. |
|
kontos
xyzzy
join:2001-10-04
West Henrietta, NY
| reply to Matt
said by Matt : my LAN, universe.local) and don't configure forwarders, it will return an NXDOMAIN result for any domain that isn't universe.local. You're doing something wrong, then. |
|
kontos
xyzzy
join:2001-10-04
West Henrietta, NY
| reply to espaeth
It doesn't cache. |
|
espaeth
Digital Plumber
Premium,MVM
join:2001-04-21
Minneapolis, MN
·voip.ms
·Vitelity VOIP
·Callcentric
·VoiceStick
·ViaTalk
·Comcast
·Embarq
| reply to funchords
said by funchords :I have just started learning about mDNS (Zeroconf, Bonjour) and I'm wondering what you think of it as an alternative to dedicating a machine to running DNS for a LAN? If your clients support it I guess that works for local resolution. This would not seem to have any benefits of having a local caching server however.
The benefits of having a local caching DNS forwarder on your LAN are there with a sufficient number of hosts. For a small number of hosts (ie, 1) the extra lookup delay of the local server actually just slows things down. Having a caching local recursive resolver on your network generally only pays off for ISPs and enterprise customers. |
|
funchords
Hello
Premium,MVM
join:2001-03-11
Washington, DC
·Verizon Online DSL
·Skype
| reply to kontos
said by kontos :It doesn't cache. said by »www.thekelleys.org.uk/dnsmasq/doc.html :Dnsmasq caches internet addresses (A records and AAAA records) and address-to-name mappings (PTR records), reducing the load on upstream servers and improving performance (especially on modem connections).
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon -- KJ7RL
What you do at Christmas does not matter so much; What counts are the Christmas things you do all year through. |
|
whosmatt
join:2005-02-28
Raleigh, NC
| reply to DaSneaky1D
Any server you forward to is ultimately a recursive server that will, if it has no information in its cache, query the root servers for that answer -- Opendns included. One advantage of using a very popular DNS server is that it gets LOTS of queries and will be more likely to have a popular result cached. |
|
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL
| reply to DaSneaky1D
said by DaSneaky1D : ... rather than asking OpenDNS's server at half the resolution time. Redirections for one, tracking for two, selling browsing history for three. My local bind asks the authoritative server one time, then for the duration of the TTL, my local bind responds instantaneously, no network delay for all subsequent queries for that domain. it is FASTER.
said by DaSneaky1D : Why not get it from the quickest responding server and simply cache it again locally? Because the nearest non-authoritative server, MAY have old info. Badly configured authoritative servers (with unduly large TTL values) can cause new information not to propagate quickly. I have seen this many times; an IP change that doesn't propagate down-stream for days. The only accurate info comes directly from authoritative servers, all others may or may not reflect reality.
Also, I have control of my local cache, I can clear it at will flushing out any bad data. I suppose it's a control issue, that's why I run FreeBSD 
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. |
|
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL
| reply to espaeth
said by espaeth : ...On your first query of "www.dslreports.com" you need to ask the root servers about ".com", the gtld servers about "dslreports.com" and the dslreports authoritative servers about "www.dslreports.com" Once the above is cached on my local bind all subsequent queries are nearly instantaneous. There is only a delay in retrieving the initial data, after that it's essentially a free ride.
said by espaeth :If you use a good caching server, you can get the same information in a single query. That's exactly what my local bind does. How much faster can you get than a Localhost query? It is a "good caching server".
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. |
|
