resolver doesn't see resolv.conf changes
Chuck Swiger
cswiger at mac.com
Sat Apr 8 13:54:45 UTC 2006
Ulrich Spoerlein wrote:
> Lyndon Nerenberg wrote:
>> The solution is to run a local caching nameserver instance. You should do this anyway, for
>> performance reasons. Add 'named_enable="YES"' to /etc/rc.conf, and modify your
>> /etc/dhclient.conf as follows:
>
> Good idea, but this defeats the hierarchical purpose of DNS. Now my
> caching DNS is always querying the root DNS servers.

Yes, and is actually sending valid queries driven by a human trying to do
something useful. Serving legitimate traffic isn't a problem for the root
nameservers, but you could always set up a forwarder line to use the local
ISP's nameserver first.

[ The root nameservers are seeing upwards of 90% bogus queries (i.e., invalid
queries, misplaced assertions from DNS servers claiming to be root
nameservers themselves, Kaspersky-style DoS attacks, etc). ]

> And there might be ISPs who disallow outgoing DNS connections to
> somewhere else than their own DNS servers.

There are people offering "walled gardens" which prevent normal Internet
access but provide some limited services; such aren't really "ISP"s, though.

--
-Chuck