[nylug-talk] How to time DNS responses?

H. G. tekronis at gmail.com
Wed Jan 30 18:16:05 EST 2008


On 1/30/08, Chris Knadle <Chris.Knadle at coredump.us> wrote:
>
> On Wednesday 30 January 2008, Ajai Khattri wrote:
> > On Wed, 30 Jan 2008, Chris Knadle wrote:
> > >    That may very well be generally what people do, but at least at one
> > > time that was dissuaded in order to keep down the amount of queries the
> > > root servers have to answer.
> >
> > Huh? I think what Alex said was that it's pretty normal for a DNS server to
> > do a recursive lookup when it doesn't find an answer in its cache and
> > that usually means starting from the root and working down the tree.
> > That's how DNS is supposed to work. So, your ISP's name servers have
> > nothing to do with it.
>
>    Last I read the docs for Bind on the subject, there was a recommendation
> for caching name servers to *forward* queries to the ISP's DNS server rather
> than query the root servers directly.  Again, the idea being to lessen the
> number of queries that the root DNS servers have to answer because there's
> another DNS server caching the root servers' responses.
>    All I'm getting at is that there's nothing particularly wrong about
> forwarding queries to the ISP's DNS server AS LONG AS IT WORKS AND PERFORMS
> WELL.
>
>    The Bind 9 docs don't seem to stress this as much as the Bind 4 or 8 docs
> did, and there have been several developments like DNS poisoning since then
> such that querying the root DNS servers may now be the right thing to do.  So
> like I said, that's what I see most people doing, but that's not the only way
> to set up Bind to get queries resolved.
>
>    -- Chris
>
Well, while we're on this subject, are there any open, non-root, decently
performing DNS servers that do not engage in the retarded Verisign "help page"
behavior for NXDOMAIN situations?  It's a pain when you expect to get a proper
"Nonexistent Domain" response, but instead get given the IP pointing to the DNS
owner's "Sorry, that domain doesn't exist, here's our search page! (and ads)"
page.

Verizon engages in this, OpenDNS does this (which I think is a main part of
their business function), and last but not least Verisign, who started this
whole moronic mess.  And so do many ISPs.

I'm sure you guys can recommend several spec-respecting public use DNS
services. I would appreciate it.
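An added example, not from the thread or any of its posters, showing how you would check a resolver for exactly this NXDOMAIN rewriting and time its replies in the same pass, using only the Python standard library. It sends an A query for a random label that cannot exist, measures the round trip, and reads the RCODE and answer section of the reply: a compliant resolver returns NXDOMAIN, a rewriting one returns NOERROR with an A record pointing at its "help page". The resolver address and the probe zone example.com are placeholders, and the two SAMPLE_* replies are constructed by hand so the parser can be exercised offline.

```python
"""Probe a resolver for NXDOMAIN rewriting and time its answers (stdlib only).

Added example, not part of the original thread. The resolver address and the
probe zone are assumptions (placeholders); SAMPLE_* packets are constructed by
hand for offline checks.
"""
import secrets
import socket
import struct
import sys
import time

RCODE_NXDOMAIN = 3  # RFC 1035 "name error"


def encode_name(qname):
    """Encode a dotted name in DNS wire format (length-prefixed labels)."""
    labels = qname.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(qname, qid):
    """Build a recursive (RD=1) A/IN query with transaction id qid."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)


def skip_name(data, pos):
    """Return the offset just past a (possibly compressed) name at pos."""
    while True:
        length = data[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return pos + 2
        pos += 1 + length


def parse_response(data, expected_id):
    """Return (rcode, answer_count, list_of_A_addresses) from a raw response."""
    qid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if qid != expected_id:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    rcode = flags & 0x000F
    pos = 12
    for _ in range(qdcount):             # skip the echoed question section
        pos = skip_name(data, pos) + 4   # +4 for QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        pos = skip_name(data, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:    # A record
            addrs.append(".".join(str(b) for b in data[pos:pos + 4]))
        pos += rdlen
    return rcode, ancount, addrs


def classify(rcode, addrs):
    """A name that cannot exist must come back NXDOMAIN; an A record means rewriting."""
    if rcode == RCODE_NXDOMAIN and not addrs:
        return "nxdomain"
    if rcode == 0 and addrs:
        return "rewritten"
    return "other"


def probe(resolver, zone="example.com", timeout=3.0):
    """Query a random label under zone, time the reply, and classify it."""
    qname = f"{secrets.token_hex(8)}.{zone}"   # random label: cannot exist
    qid = secrets.randbelow(65536)
    query = build_query(qname, qid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        sock.sendto(query, (resolver, 53))
        data, _ = sock.recvfrom(4096)
        elapsed_ms = (time.perf_counter() - start) * 1000.0
    rcode, _, addrs = parse_response(data, qid)
    return classify(rcode, addrs), elapsed_ms, addrs


# Constructed sample replies for foo.example.com, transaction id 0x1234.
_QUESTION = encode_name("foo.example.com") + struct.pack("!HH", 1, 1)
SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + _QUESTION
SAMPLE_REWRITTEN = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _QUESTION
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # assumption
    verdict, ms, addrs = probe(target)
    print(f"{target}: {verdict} in {ms:.1f} ms {addrs}")
```

Run it as `python probe.py <resolver-ip>` against each candidate server. A "rewritten" verdict that hands back the same address for several different random labels is the "help page" behaviour described above; running the probe a few times in a row also separates a cold lookup (the resolver has to walk down from the root) from a cached one, which is the timing question in the subject line.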

