Re: [cobalt-users] Disable DNS Recursive Lookups on RAQ?
- Subject: Re: [cobalt-users] Disable DNS Recursive Lookups on RAQ?
- From: Alex Krohn <alex@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu Aug 22 12:28:03 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hi,
> > I recently performed a DNS "timing test" at http://www.dnsstuff.com. It
> > came back and said that my DNS services allow recursive lookups, which
> > is bad because "if lots of people are using the server, it can slow
> > down".
>
> Sure, and if you don't have recursive lookups turned on, then YOU can't
> use the DNS server, so whose server will YOU use?
>
> > I understand recursive lookups, and was wondering if there was a
> > way to disable these, and if there are any negative impacts on doing so.
>
> Yes, you can disable it in the /etc/named.conf file (see "man named" or
> the "cricket" book, "DNS and Bind" from O'Reilly), but if you do, you'll
> have to use some other nameservers for your own resolution needs, and
> any changes you make to DNS may overwrite your changes.

The best thing to do is to run two named's on your server. An
authoritative named that only answers for domains on your server (recursion
turned off), and a caching named that allows recursive lookups but only
accepts queries from localhost. You then update your /etc/resolv.conf
and set it to your caching name server.

This way everyone on the internet can't use your name servers.

It's a bit complex to set up, and I don't think there is an easy pkg file
for it, but worth it to set it up properly.

Cheers,
Alex
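
The split setup described in the message above, sketched as configuration. This is an added example, not part of the original post or a Cobalt-supplied package; the file paths, directories, the address 192.0.2.10 and the zone example.com are placeholders.

```conf
# ---- /etc/named-auth.conf (hypothetical path): authoritative instance ----
# Answers the internet for hosted zones only. 192.0.2.10 stands in for the
# server's public address, example.com for a domain hosted on it.
options {
    directory "/var/named";
    pid-file "/var/run/named-auth.pid";   # separate pid file per instance
    listen-on { 192.0.2.10; };            # public address only; leaves 127.0.0.1 free
    recursion no;                         # never resolve names on behalf of clients
};

zone "example.com" {
    type master;
    file "example.com.db";
};

# ---- /etc/named-cache.conf (hypothetical path): caching instance ----
# Recursive resolver for the machine itself, unreachable from outside.
options {
    directory "/var/named-cache";         # assumed separate working directory
    pid-file "/var/run/named-cache.pid";
    listen-on { 127.0.0.1; };             # loopback only
    allow-query { 127.0.0.1; };           # refuse anything not from localhost
    recursion yes;
};

zone "." {
    type hint;
    file "named.ca";                      # root hints file; name assumed
};

# ---- /etc/resolv.conf ----
# Point the server's own resolver at the caching instance.
nameserver 127.0.0.1
```

Each instance is started with its own file (`named -c /etc/named-auth.conf` and `named -c /etc/named-cache.conf`). The authoritative instance must not bind 127.0.0.1, otherwise the caching instance cannot claim port 53 on loopback.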