[TriLUG] What could be going on with my nameserver?
Aaron Joyner
aaron at joyner.ws
Tue Nov 1 18:22:14 EST 2005
Jon Carnes wrote:
>You really shouldn't be using forwarders anymore. And *don't* forward
>your DNS requests to a crappy low powered non-caching DNS forwarding app
>running on your Netgear router...
>
>You should have a file called "root.hint". Your server will use this to
>populate itself with the current root Name servers. This lets your local
>Name server do direct lookups for DNS requests.
>
>Here is an example setup for using the root.hint file...
>
Just to counter the absolute nature of the honorable Jon's statement a
bit, there are definitely some circumstances where a forwarder isn't a
bad idea. If you're on the other side of a slow link (ala a modem),
then a forwarder can shave literally seconds off every click you make in
a web browser. When the links involved are faster (you're on some
broadband connection), you're still going to have a latency of 30-ish
milliseconds to the DNS server. So a forwarder (purely from a latency
standpoint) can shave maybe at most 50 to 100ms off every lookup you
make. That's not huge, but it's not negligible, but it's not the real
benefit of a forwarder. Consider the number and variety of queries sent
to your name server, vs the number and variety sent to (for example)
Time Warner's name servers? Virtually anything you're likely to request
is probably already cached on the TW name servers, because someone has
gone to that page recently. If you haven't gone to slashdot.org in the
last 7200 seconds (2 hours), you're going to be looking it up all over
again. On the other hand, it's really likely that some other geek on
broadband has gone to slashdot in the past couple hours, so you'll shave
your query time down from two queries (~120ms) to one query to a closer
server (network wise, at least, ~35 ms). Granted, we're still talking
in the sub-250ms arena, which isn't a big deal, but it's worth
mentioning the general benefit of forwarders.
Also, don't forget that it's the more net-efficient and thus
net-friendly way to run things, as you're reducing the load on the end
servers in favor of using a bigger more-local cache. The strongest
counter-argument is when you can't be dependent on the forwarders to
either a) reliably give you the right answer (security) or b) always
give you an answer (reliability). I'll leave those arguments to be made
by someone else. :)
Aaron S. Joyner
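
The trade-off discussed in this message, sketched as an added configuration example that is not part of the original post or thread. It assumes BIND 9 syntax (the thread does not name the server software); the forwarder addresses are documentation placeholders, the directory path is assumed, and only the "root.hint" file name comes from the quoted text.

```conf
// named.conf fragment (BIND 9 syntax is an assumption, see lead-in)
options {
    directory "/var/named";    // assumed path

    // Ask the ISP's larger shared cache first.
    // Placeholder addresses from the documentation ranges.
    forwarders { 192.0.2.53; 198.51.100.53; };

    // Reliability, point (b):
    //   forward only;   every lookup fails while the forwarders are down
    //   forward first;  falls back to iterating from the root hints
    forward first;

    // Security, point (a): validate DNSSEC-signed answers locally
    // instead of taking the forwarder's answer on trust.
    dnssec-validation auto;

    // Offer recursion to local clients only.
    allow-recursion { localhost; localnets; };
};

// Root hints, used when the forwarders do not answer.
zone "." {
    type hint;
    file "root.hint";
};
```

Local validation only helps for signed zones, and it requires forwarders that pass DNSSEC records through; unsigned answers are still accepted as the forwarder gives them.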