From: Michael Richardson <mcr@sandelman.ca>
To: cerowrt-devel@lists.bufferbloat.net
Cc: Evan Hunt <ethanol@gmail.com>
Subject: Re: [Cerowrt-devel] thoughts toward improving cerowrt's DNS and DNSSEC in the next release
Date: Tue, 21 Aug 2012 18:31:31 -0400
Message-ID: <16667.1345588291@sandelman.ca>
In-Reply-To: <CAA93jw47CTeZ4K7UNmT2zW6=hXB1GvOOeWndy3M2DK9qpjudwA@mail.gmail.com>

>>>>> "Dave" == Dave Taht <dave.taht@gmail.com> writes:
Dave> The ongoing DNS issues bug me. For most uses these days I disable bind
Dave> entirely, as the 12-20MB it uses up are better used for packets. I do
Dave> use it on 3800s but not on 3700v2s.

Evan/Dave, I am not in a position to gather primary data, but how much
space does bind9 really need just to start with an empty cache?
I'd think that, at that point, how much memory is then allocated to the
cache can be controlled by some named.conf control? It hasn't mattered
to me, so I've never looked it up... (and got no network, and tablet has
no bind(9)).

I think that we want to push the DNS servers that we get from DHCP into
bind's forwarders statement (which I think you agree with via
forwarders.conf comment, but I don't know if it's exactly equivalent to
forwarders {}).

Let's leave the qualification of whether or not the servers do the right
thing to bind itself... the forwarders {} stanza can have multiple items,
and bind will give up on them if they don't work, and talk to the root
name servers directly if none work. (Unless you have forwarders-only...)

Your NXDOMAIN concerns... is this about ISPs (like Rogers.com) that
helpfully lie and make up A records for things that do not exist?

I suggest that this determination be done separately (in another
module). Someone else can solve that problem, and withdraw things from
forwarders.conf as appropriate.

Dave> 2) Going to the DNS roots with bind, is OK, but it is always faster,
Dave> and more reliable to use the ISP provided DNS servers, if they

..if..if.. the biggest problem is not that it's faster, but that some
ISPs have services, e.g.: "mail" which they do not document as FQDNs.
We (homenet-ish systems) need to have local DNS services, and have the
ability to query walled gardens, etc...

Dave> Given the amount of time, energy, and money (all 0) I personally have
Dave> to deal with these issues, I'm mostly tempted to save on hair by
Dave> making dnsmasq the default going forward, and write off bind for now.

I concur... "for now"
Maybe others with paid time can step up to make this happen.. (Evan?)

--
Michael Richardson
-at the cottage-
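
The idea in the message above, pushing DHCP-learned DNS servers into bind's forwarders statement, sketched as an added example (not code from this thread or from CeroWrt). It assumes the DHCP client writes the servers as `nameserver` lines in a resolv.conf-style file; the function names and the sample data are constructed. Each value is parsed as an IP literal before it is written out, because DHCP-supplied strings are untrusted input that would otherwise be copied into named's configuration.

```python
import ipaddress

# Constructed sample of what a DHCP client might write (resolv.conf style).
SAMPLE_RESOLV = """\
# generated by DHCP client (constructed sample)
search example.net
nameserver 192.0.2.53
nameserver 2001:db8::53
nameserver 192.0.2.53
nameserver 127.0.0.1
nameserver 192.0.2.1; }; options { recursion no
nameserver fe80::1%eth0
"""

def parse_forwarders(resolv_text, limit=3):
    """Return validated, de-duplicated upstream resolver addresses."""
    seen, result = set(), []
    for line in resolv_text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if len(fields) != 2 or fields[0] != "nameserver":
            continue
        try:
            addr = ipaddress.ip_address(fields[1].strip())
        except ValueError:
            continue  # not a bare IP literal: never copy it into the config
        # Loopback would point bind at itself; link-local needs a zone id.
        if (addr.is_loopback or addr.is_unspecified
                or addr.is_link_local or addr.is_multicast):
            continue
        if addr not in seen:
            seen.add(addr)
            result.append(addr)
    return result[:limit]

def render_forwarders_conf(addrs):
    """Render a fragment meant to be included inside bind's options { } block."""
    if not addrs:
        # No usable forwarder: an empty list makes bind resolve from the roots.
        return "forwarders { };\n"
    body = "".join(f"    {a};\n" for a in addrs)
    # 'forward first' keeps the fallback to the roots; 'forward only' would not.
    return "forwarders {\n" + body + "};\nforward first;\n"

if __name__ == "__main__":
    print(render_forwarders_conf(parse_forwarders(SAMPLE_RESOLV)), end="")
```
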