Date: Sat, 08 Apr 2006 09:54:42 -0400
From: Chuck Swiger <cswiger@mac.com>
To: Lyndon Nerenberg <lyndon@orthanc.ca>, stable@freebsd.org
Subject: Re: resolver doesn't see resolv.conf changes
Message-ID: <4437C0A2.1090100@mac.com>
In-Reply-To: <20060408083955.GA1041@roadrunner.q.local>
References: <20060405152718.GA1003@roadrunner.q.local> <20060406153938.C78654@orthanc.ca> <20060408083955.GA1041@roadrunner.q.local>

Ulrich Spoerlein wrote:
> Lyndon Nerenberg wrote:
>> The solution is to run a local caching nameserver instance. You should do this anyway, for
>> performance reasons. Add 'named_enable="YES"' to /etc/rc.conf, and modify your
>> /etc/dhclient.conf as follows:
>
> Good idea, but this defeats the hierarchical purpose of DNS. Now my
> caching DNS is always querying the root DNS servers.

Yes, and is actually sending valid queries driven by a human trying to do something useful. Serving legitimate traffic isn't a problem for the root nameservers, but you could always set up a forwarder line to use the local ISP's nameserver first.

[ The root nameservers are seeing upwards of 90% bogus queries (i.e., invalid queries, misplaced assertions from DNS servers claiming to be root nameservers themselves, Kaspersky-style DoS attacks, etc). ]

> And there might be ISPs who disallow outgoing DNS connections to
> somewhere else than their own DNS servers.

There are people offering "walled gardens" which prevent normal Internet access but provide some limited services; such aren't really "ISP"s, though.

-- 
-Chuck