Preventing external lookups

Mark admin at asarian-host.net
Sun Nov 16 12:16:00 UTC 2003


<Mark_Andrews at isc.org> wrote in message news:borfna$1jbn$1 at sf1.isc.org...

> > Hello,
> >
> > Running BIND 8.4.1, I loaded a large master zone from a DNS blocklist.
> > The result? Matches are found very fast, of course. But when BIND cannot
> > find a match, it still seems to query the root-servers, which can take
> > quite a while to return a negative response.
> >
> > So, my question is, can I prevent any external lookups for one specific
> > zone? External meaning: anything not defined in the zone file itself.
> >
> > Thanks!
> >
> > - Mark
>
> Fix your client.

It turns out that the extra delay occurred because I had several name
servers defined in /etc/resolv.conf: my own as first one + two of my ISP, as
fallback. My own BIND immediately returns when it cannot find a match for
its master zone. But then BIND starts asking the other two name servers,
defined in /etc/resolv.conf. And they recurse, of course. And take time. I
'solved' it, for now, by just using my own name server.

But the question arising from this is a generic one. Having multiple name
servers defined in /etc/resolv.conf may provide alternate sources, but seems
to also multiply the time it takes to timeout when no match is found. So,
the question is then, is it even wise to have multiple name servers defined
in /etc/resolv.conf?

- Mark
