Using DHCP /and/ name recognition w/o running BIND

Steve Bertrand iaccounts at ibctech.ca
Tue Jul 6 06:05:20 PDT 2004


> I don't think so.  Lack of DNS performance is something that will
> cause the most harm to your experience of using the net.  Running your
> own DNS recursive server is the best way to get good DNS performance.

I don't mean to take away from this post in any way because it was very
informative, however, I have found that preventing your own DNS server
from doing recursion and setting it up as forwarders only is in many cases
even a faster method of retrieving DNS entries.

I just find that allowing the ISP with the OC-3 circuits to do all of the
recursion and just sending the final result back to me speeds things up
just that much more.

Mind you on a home network, the requests are much fewer and far between,
but the forwarders clause can reduce load on the system and on the home
Internet connection, and put the load on the equipment and infrastructure
that were really designed to handle it. (Plus, you will also benefit from
their cache as well, greatly reducing the recursion that is required).

Just my $.02

sb

>
> For a home network, you can also run authoritative local domains from
> the same server without too much trouble.  So long as your DNS server
> is on your private network and not accessible externally this should
> be OK.  For public use though, mixing up authoritative and recursive
> DNS functions on the same server is bad juju, and should only be done
> by grown-ups.
>
>> There seems to be a current undocumented feature of most of these
>> routers that if you use the router as a DNS server entry that it
>> automagically forwards those requests to the DNS entries on the WAN
>> side.  However, for tools like nslookup that make explicit connections
>> to the server, this does not work correctly.
>
> Yes -- that's simply DNS recursion.  You ask the DNS server on your
> router "what is the IP number corresponding to www.freebsd.org": a
> recursive server will track the answer down for you, by asking in turn
> the root servers, the .org TLD servers and the freebsd.org servers on
> your behalf.  Or it will tell you the cached answer it got from doing
> all that a few minutes previously.  An authoritative server will just
> answer "dunno", unless it happens to be one of the freebsd.org
> servers.
>
> You should still be able to use the usual DNS tools to query other
> servers directly. eg:
>
>     % dig @ns0.freebsd.org. www.freebsd.org. IN A
>
> If your router is filtering out DNS traffic other than through its
> own server, then you'll have to adjust its programming.  It could
> just be a matter of tweaking the packet filters for UDP traffic on
> port 53.  If your router won't let you do that, get a better one.
>
> 	Cheers,
>
> 	Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
>                                                       Savill Way
> PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
> Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
>
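The "forwarders only" setup Steve describes, combined with Matthew's point about keeping the recursive and local authoritative functions off the public Internet, looks roughly like the following named.conf fragment in BIND 9. This is an added illustration, not configuration from either poster: the 192.168.1.0/24 LAN, the 192.0.2.x forwarder addresses (RFC 5737 documentation range, standing in for the ISP's resolvers) and the "home.example" zone are all placeholders.

```conf
options {
    directory "/var/named";                 // named's working directory (assumed path)

    // Listen only on loopback and the LAN-facing interface.
    listen-on { 127.0.0.1; 192.168.1.1; };

    // Recursion stays on, but only clients on the private network may use it;
    // anything arriving from outside gets REFUSED.
    recursion yes;
    allow-query     { 127.0.0.1; 192.168.1.0/24; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };

    // "forward only": never walk the tree from the roots ourselves; hand every
    // non-local lookup to the ISP's resolvers and rely on their cache.
    // "forward first" would instead fall back to full recursion if the
    // forwarders fail to answer.
    forward only;
    forwarders { 192.0.2.53; 192.0.2.54; };   // placeholder ISP resolver addresses

    // Forwarding means trusting the upstream cache; validating signatures
    // locally limits what a poisoned or misbehaving forwarder can feed you.
    dnssec-validation auto;
};

// Local authoritative zone for the home LAN. Because allow-query above is
// limited to the private network, this zone is never served to the outside.
zone "home.example" {
    type master;
    file "home.example.db";                 // placeholder zone file name
    allow-transfer { none; };
};
```

After restarting named, the dig form Matthew gives (`dig @<server> <name> IN A`) is the quickest check: a query from a LAN host against this server for an outside name should come back with the "ra" flag set and a fast answer on the second try (served from the ISP's cache), while the same query from an external address should return REFUSED.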



