Date: Wed, 7 Feb 2001 07:58:52 -0700 (MST)
From: "Forrest W. Christian" <forrestc@imach.com>
To: Leif Neland <leif@neland.dk>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: cost of denying use of dns
Message-ID: <Pine.BSF.4.21.0102070742280.23420-100000@workhorse.iMach.com>
In-Reply-To: <026001c090d9$1f8b4de0$0e00a8c0@neland.dk>
On Wed, 7 Feb 2001, Leif Neland wrote:

> However, now I wonder if it is more "expensive" to deny the lookup and
> write the reject to a logfile than just go ahead and answer.

I was planning on saying that by doing this, the users will be forced to find another name server, but now I think about how I think most resolvers work, I'm not so sure.

First, unless you plan on tracking these people down, just bit-bucket the logging for the denys. In this case, it is probably a lot less expensive to respond with a "go see the roots" than to respond and also log.

Now, the question is whether the resolver in Win95/98/NT/2000, etc. etc. etc. (and other systems) can deal with being pointed towards a non-recursive nameserver as their primary DNS server. Try pointing a machine towards a.root-servers.net or b.gtld-servers.net or something like that and see what happens. If they choke horribly, you've now eliminated the problem, as these people will go find someone else to do resolution for them.

It's too bad you can't just deny the non-authoritative responses (meaning responding to anything you are not specifically authoritative for), but I think that doing this would be a bad idea. It would, however, get rid of your problems, as people would have to find another DNS server.

There is one additional thing for you to consider. If your customers roam at all outside of your dialup system, and they have your DNS servers statically configured, this might break their resolvers.

- Forrest W. Christian (forrestc@imach.com) AC7DE
----------------------------------------------------------------------
iMach, Ltd., P.O. Box 5749, Helena, MT 59604      http://www.imach.com
Solutions for your high-tech problems.                  (406)-442-6648
----------------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
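The three server behaviours weighed in this message (answer recursively, hand back a "go see the roots" referral, or refuse) can be told apart from the DNS response header alone. The following is an added example, not part of the original e-mail: the function names and sample headers are constructed for illustration, and probe() is meant for checking, from an outside address, what your own name server returns once recursion is restricted.

```python
import socket
import struct

# Header flag bits (RFC 1035 section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080
REFUSED = 5

def build_query(name, qtype=1, txid=0x1234):
    """Encode a standard query for `name` with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify_response(packet):
    """Classify a reply using only its 12-byte header."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if rcode == REFUSED:
        return "refused"            # query denied outright
    if flags & AA:
        return "authoritative"      # the server's own zone data
    if rcode == 0 and an == 0 and ns > 0:
        return "referral"           # "go see the roots" / delegation
    if flags & RA and (an > 0 or rcode == 3):
        return "recursive-answer"   # server did the lookup for the client
    return "other"

def probe(server, name, timeout=3.0):
    """Send one UDP query to `server` and classify the reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify_response(s.recv(512))

# Constructed sample headers (flags, ANCOUNT, NSCOUNT), not captured traffic.
SAMPLES = {
    "open resolver": (QR | RD | RA, 1, 0),
    "root-style referral": (QR | RD, 0, 13),
    "recursion refused": (QR | RD | REFUSED, 0, 0),
    "own zone": (QR | AA | RD, 1, 2),
}

def demo():
    """Classify each constructed header; returns {label: verdict}."""
    return {k: classify_response(struct.pack("!HHHHHH", 0x1234, f, 1, an, ns, 0))
            for k, (f, an, ns) in SAMPLES.items()}
```

A client whose only configured server returns "referral" or "refused" for outside names gets no usable answer from a stub resolver, which is the roaming-customer breakage the message warns about.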