forwarder (YES/NO)

Reindl Harald h.reindl at thelounge.net
Tue Sep 20 12:36:37 UTC 2016



On 20.09.2016 at 12:29, Pol Hallen wrote:
> without a forwarder, using the dig command, the "query time" on some
> domains only (I tested Italian domains - I live in Italy) is 350-800 ms;
> with a forwarder it is almost always less than 100 ms (!)
>
> I'd like to have my BIND (no forwarder) working for my LAN :-)

which is the preferred setup

> how can I optimize BIND speed? (or maybe I have a wrong config?)

you can't - if something is not in the cache, your nameserver does 
recursion, asking other nameservers; the next time a client asks for the 
same name it's cached and answered within 1 ms

so often-needed data is in your cache over time

the Google DNS is used by many people and so likely has a lot of stuff 
in hot caches, combined with prefetch - on the other hand such a setup is 
completely unusable for a mailserver using DNSBL/URIBL

another drawback of forwarders is that you never have the full TTL, 
because it counts down from the first hit until the answer is refreshed, 
and so you can end up having 100 ms where the same question on your 
own caching server would be within the TTL and just 1 ms

anyway, you don't win much with forwarders and you have a lot of 
drawbacks, like laying the heart of your network in somebody's hands, which 
makes it hard to debug in case of trouble; the risk of cache poisoning 
is higher, and when you have connectivity problems only to Google your 
whole DNS sucks

in short: after we stopped using forwarders, all the random DNS troubles 
("could not find..." in Firefox) stopped
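The TTL-countdown effect described in the message above, modelled as an added example (this is not code from the post, from BIND or from any resolver): a small Python simulation of a LAN cache that fills its misses either by its own recursion (full origin TTL every time) or through a forwarder made of several always-warm upstream caches, each handing back only the TTL it has left. The record TTL of 300 s, the pool of eight backends, the query every 5 s and the six-hour run are all constructed assumptions; nothing here talks to a real resolver.

```python
"""
Constructed model of why a cache behind a forwarder never sees the full TTL.

  * own recursive server: the authoritative answer carries the record's
    full origin TTL, so the LAN cache keeps it for the whole TTL;
  * forwarder: the upstream resolver hands back only the TTL it has left in
    its own cache, so the LAN entry expires early and misses again sooner,
    even if the upstream answers each individual miss quickly.
"""
import random

ORIGIN_TTL = 300      # constructed: TTL the authoritative server sets, seconds
POOL_SIZE = 8         # constructed: backend caches behind one public resolver address
QUERY_INTERVAL = 5    # constructed: a LAN client repeats the query every 5 s
DURATION = 6 * 3600   # constructed: simulated time, seconds


class LocalCache:
    """The LAN resolver's cache for one record: a single absolute expiry time."""

    def __init__(self):
        self.expires_at = -1.0   # nothing cached yet

    def remaining(self, now):
        """Seconds of TTL left at `now`; 0 means the entry is gone."""
        return max(0.0, self.expires_at - now)


class WarmUpstream:
    """One backend cache of a busy public resolver (constructed model).

    The record is popular, so the backend refetches it the instant it expires
    and never lacks it: its remaining TTL cycles through (0, ORIGIN_TTL] with a
    phase fixed by when this backend first fetched the record."""

    def __init__(self, phase):
        self.phase = phase

    def remaining(self, now):
        left = (self.phase - now) % ORIGIN_TTL
        return left if left > 0 else float(ORIGIN_TTL)


def own_recursor(now):
    """Fill a miss by our own recursion: the authoritative answer has the full TTL."""
    return float(ORIGIN_TTL)


def make_forwarder(pool_size=POOL_SIZE, seed=1):
    """Fill a miss via a forwarder: the query lands on a random backend of the
    pool and we receive whatever TTL that backend has left, not the origin TTL."""
    rng = random.Random(seed)
    pool = [WarmUpstream(phase=i * ORIGIN_TTL / pool_size) for i in range(pool_size)]

    def fetch(now):
        return rng.choice(pool).remaining(now)

    return fetch


def run_client(fetch, duration=DURATION, interval=QUERY_INTERVAL):
    """Replay the LAN client's queries through a LocalCache filled by `fetch`.

    Returns the number of queries, how many of them left the LAN cache (the
    misses, i.e. the ones that cost a round trip) and the shortest TTL stored."""
    local = LocalCache()
    misses, shortest = 0, float(ORIGIN_TTL)
    for now in range(0, duration, interval):
        if local.remaining(now) > 0:
            continue                    # answered from the LAN cache
        ttl = fetch(now)                # a round trip to whoever fills the cache
        local.expires_at = now + ttl
        misses += 1
        shortest = min(shortest, ttl)
    return {"queries": duration // interval, "misses": misses, "shortest_ttl": shortest}


if __name__ == "__main__":
    for name, fetch in (("own recursive cache", own_recursor),
                        ("forwarder pool", make_forwarder())):
        print(f"{name:20s} {run_client(fetch)}")
```

Running it shows the same 4320 client queries producing 72 upstream round trips with the recursive setup (one per full 300 s TTL) but roughly twice as many through the forwarder, with inherited TTLs down to a few seconds; each of those extra misses is the "100 ms instead of 1 ms" case from the message. Against a live setup the same thing is visible by repeating a dig query through the forwarder and watching the TTL column, which shows the remaining TTL the upstream cache had rather than the zone's value.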


More information about the bind-users mailing list