>>>>> "Dave" == Dave Taht writes: Dave> The ongoing DNS issues bug me. For most uses these days I disable bind Dave> entirely, as the 12-20MB it uses up are better used for packets. I do Dave> use it on 3800s but not on 3700v2s. Evan/Dave, I am not in a position to gather primary data, but how much space does bind9 really need just to start with an empty cache? I'd think that, at that point, how much memory is then allocated to the cache can be controlled by some named.conf control? It hasn't mattered to me, so I've never looked it up... (and got no network, and tablet has no bind(9)). I think that we want to push the DNS servers that we get from DHCP into bind's forwarders statement (which I think you agree with via forwarders.conf comment, but I don't know if it's exactly equivalent to forwarders {}). Let's leave the qualification of whether or not the servers do the right thing to bind itself... the forwards {} stanza can have multiple items, and bind will give up on them if they don't work, and talk to the root name servers directly if none work. (Unless you have forwarders-only...) Your NXDOMAIN concerns... is this about ISPs (like Rogers.com) that helpfully lie and make up A records for things that do not exist? I suggest that this determination be done separately (in another module). Someone else can solve that problem, and withdraw things from forwarders.conf as appropriate. Dave> 2) Going the the DNS roots with bind, is OK, but it is always faster, Dave> and more reliable to use the ISP provided DNS servers, if they ..if..if.. the biggest problem is not that it's faster, but that some ISPs have services, e.g: "mail" which they do not document as FQDNs. We (homenet-ish systems) need to have local DNS services, and have the ability to query walled gardens, etc... Dave> Given the amount of time, energy, and money (all 0) I personally have Dave> to deal with these issues, I'm mostly tempted to save on hair by Dave> making dnsmasq the default going forward, and write off bind for now. I concur... "for now" Maybe others with paid time can step up to make this happen.. (Evan?) -- Michael Richardson -at the cottage-