Caching resolver and options rotate
Chris Buxton
cbuxton at menandmice.com
Fri May 16 23:58:15 UTC 2008
Assuming your caching resolver is a BIND name server, it will ignore
resolv.conf.
BIND 9.3 and later will use the RTT algorithm when choosing between
forwarders. It sounds like you're planning to use forwarders, as in:
    options {
        [... other statements ...]
        forwarders { 192.0.2.1; 192.0.2.2; 192.0.2.3; };
    };
You may find it better, however, not to use forwarding at all - to use
your DNS server as the final recursion server, instead of passing the
buck upstream to your ISP. That way, you don't depend on the stability
and security of their name servers for anything. (If you do decide to
use forwarding, you should be absolutely sure that your ISP's name
servers run a current version of BIND 9 rather than BIND 8, or a
current version of MS DNS rather than MS DNS before about Win2K3 SP1,
before you set up forwarding. Otherwise, bad things can come of
forwarding, relating to DNS cache poisoning, and therefore pharming
attacks.)
Chris Buxton
Professional Services
Men & Mice
On May 16, 2008, at 7:44 PM, Brent Jones wrote:
> Bind users,
> I will be setting up an internal caching resolver, and would like to
> spread the burden on our upstream's DNS servers by alternating which
> of their servers we query.
> I found the option for resolv.conf: options rotate
> Says it will rotate the DNS server it queries for each new query the
> resolver gets.
> This scenario would have our internal servers query the internal
> caching resolver, which will then hopefully rotate the DNS servers it
> queries against according to the nameserver list.
> Am I correct that this behavior will occur?
> Regards,
>
> --
> Brent Jones
> brent at servuhome.net
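
Added example, not part of the original thread: a named.conf sketch of the no-forwarding setup the reply recommends, where the internal server performs full recursion itself and answers only internal clients. The ACL name "internal" and the 10.0.0.0/8 range are assumptions; substitute your own networks.

```conf
// Constructed example: internal caching resolver without forwarders.
// "internal" and 10.0.0.0/8 are placeholders for your own client networks.
acl internal {
    127.0.0.1;
    10.0.0.0/8;
};

options {
    // Resolve from the root servers directly. With no "forwarders"
    // statement, named uses its root hints and does not depend on
    // the ISP's name servers or on the contents of their caches.
    recursion yes;

    // Only internal clients may query or recurse through this cache,
    // so it is not an open resolver.
    allow-query     { internal; };
    allow-recursion { internal; };

    // Forwarding variant from the reply, left disabled. If enabled,
    // named (BIND 9.3 and later) chooses among the forwarders by RTT;
    // "options rotate" in resolv.conf has no effect on named.
    // forwarders { 192.0.2.1; 192.0.2.2; 192.0.2.3; };
};
```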