named.conf restored to hint zone for the root by default

Oliver Fromme olli at lurza.secnetix.de
Sun Aug 5 02:02:44 PDT 2007


Doug Barton wrote:
 > Oliver Fromme wrote:
 > 
 > > By the way, I have changed from hints to slaves on the DNS
 > > servers for a large server farm (just testing right now;
 > > I might go back to hints if I don't feel it's worth it).
 > 
 > Depending on how many name servers you have you might get a bigger win
 > by slaving the root to one server, then slaving it to the others from
 > your "local master." If you're only talking about a few name servers
 > it's probably not worth it though.

It's three name servers, and they're intended to be
completely independent of each other.  That's why I've
configured each of them to retrieve the root zone on
its own.

 > > It _seems_ a few applications run with lower latency, but
 > > I'll need to run some benchmarks in order to get some hard
 > > numbers.
 > 
 > If your stuff is relatively well behaved, and generally only queries a
 > few TLDs you might not get much of a benefit in terms of reduced
 > latency. In this scenario the main advantage is better resilience to a
 > root DDoS.
 > 
 > Where this technique really works well is a scenario where you are
 > answering a lot of "random" queries that could potentially include
 > invalid TLDs and other "junk." Not sending those queries to the roots
 > helps reduce traffic for them and for you, and gives you much better
 > latency on the inevitable NXDOMAIN response.

The farm contains several mail servers with spam and virus
scanners, HTTP proxies with (roughly) several thousand
users, a few dozen web servers and other things.  I think
especially the mail scanners and the proxies generate some
amount of DNS "junk" queries.

Thanks for your suggestions!

Best regards
Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registry Court Munich, HRA 74606,  Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Registry Court Munich,
HRB 125758,  Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more:  http://www.secnetix.de/bsd

"I made up the term 'object-oriented', and I can tell you
I didn't have C++ in mind."
        -- Alan Kay, OOPSLA '97
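The two named.conf arrangements discussed in this thread, as an added example that is not part of the original mail or of any FreeBSD default configuration: the stock hint zone, the "local master" that slaves the root zone, and a farm resolver that slaves it from that local master. The addresses 192.0.2.1 and 10.0.0.10 and the 10.0.0.0/8 range are placeholders, not real root-server or farm addresses.

```conf
// --- Default: the hint zone. named loads root-server addresses from the
// hints file and forwards every unknown-TLD lookup to the roots.
zone "." {
    type hint;
    file "named.root";
};

// --- Alternative A: the "local master". Exactly one resolver in the farm
// transfers the root zone (AXFR) from a root server that permits zone
// transfers. Only one zone "." may exist per view, so this replaces the
// hint zone above rather than sitting beside it.
zone "." {
    type slave;
    file "slave/root.slave";
    masters { 192.0.2.1; };          // placeholder: a root server allowing AXFR
    notify no;                       // a root copy never needs to notify anyone
    allow-transfer { 10.0.0.0/8; };  // placeholder: only the farm may pull it
};

// --- Alternative B: the other farm resolvers slave "." from the local
// master instead of from the roots, so only one host talks to the roots
// and junk-TLD queries are answered NXDOMAIN locally from the zone copy.
zone "." {
    type slave;
    file "slave/root.slave";
    masters { 10.0.0.10; };          // placeholder: the local master above
    notify no;
};
```

After a reload, `dig @127.0.0.1 . soa` should return the root SOA with the `aa` flag set, which confirms the resolver is answering from its own copy of the zone rather than from the hints.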

