[TriLUG] What could be going on with my nameserver?

Jon Carnes jonc at nc.rr.com
Tue Nov 1 18:43:00 EST 2005


I won't debate the issue of forwarders with Aaron, since he's right. In
some situations they are better - most notably when you don't have the
cpu/ram/cache to run a proper caching Name server - hence the forwarding
done by POS application firewalls like Netgear.

As to the advantages of using Time Warner's Name servers, I need only
point you to the numerous past TriLUG postings on their periodic
unreliable nature (they have been much better lately). I still don't
trust Time Warner for my company or my clients' use (though I run a lot
of clients off Time Warner). My own Name servers have 100% uptime for
over three years...

What both Aaron and I agree on though is that the DNS forwarding app in
the Netgear is not doing the job for you and your company. Dump that. If
you are going to use a forwarder - then go directly to the DNS servers
that the Netgear is using. If you still have problems then dump the use
of forwarders and just do your own lookups. It is the way of Open
Source.

Good Luck,

Jon

On Tue, 2005-11-01 at 18:22, Aaron Joyner wrote:
> Jon Carnes wrote:
> 
> >You really shouldn't be using forwarders anymore.  And *don't* forward
> >your DNS requests to a crappy low powered non-caching DNS forwarding app
> >running on your Netgear router...
> >
> >You should have a file called "root.hint". Your server will use this to
> >populate itself with the current root Name servers. This lets your local
> >Name server do direct lookups for DNS requests.
> >
> >Here is an example setup for using the root.hint file...
> >
> Just to counter the absolute nature of the honorable Jon's statement a 
> bit, there are definitely some circumstances where a forwarder isn't a 
> bad idea.  If you're on the other side of a slow link (ala a modem), 
> then a forwarder can shave literally seconds off every click you make in 
> a web browser.  When the links involved are faster (you're on some 
> broadband connection), you're still going to have a latency of 30-ish 
> milliseconds to the DNS server.  So a forwarder (purely from a latency 
> standpoint) can shave maybe at most 50 to 100ms off every lookup you 
> make.  That's not huge, but it's not negligible, but it's not the real 
> benefit of a forwarder.  Consider the number and variety of queries sent 
> to your name server, vs the number and variety sent to (for example) 
> Time Warner's name servers?  Virtually anything you're likely to request 
> is probably already cached on the TW name servers, because someone has 
> gone to that page recently.  If you haven't gone to slashdot.org in the 
> last 7200 seconds (2 hours), you're going to be looking it up all over 
> again.  On the other hand, it's really likely that some other geek on 
> broadband has gone to slashdot in the past couple hours, so you'll shave 
> your query time down from two queries (~120ms) to one query to a closer 
> server (network wise, at least, ~35 ms).  Granted, we're still talking 
> in the sub-250ms arena, which isn't a big deal, but it's worth 
> mentioning the general benefit of forwarders.
> 
> Also, don't forget that it's the more net-efficient and thus 
> net-friendly way to run things, as you're reducing the load on the end 
> servers in favor of using a bigger more-local cache.  The strongest 
> counter-argument is when you can't be dependent on the forwarders to 
> either a) reliably give you the right answer (security) or b) always 
> give you an answer (reliability).  I'll leave those arguments to be made 
> by someone else.  :)
> 
> Aaron S. Joyner
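
The three setups discussed in this thread, sketched as named.conf fragments on the assumption that the local name server is BIND 9. This is an added example, not a configuration posted by anyone in the thread; the addresses are documentation-range placeholders and the /var/named directory is an assumption.

```conf
// Added illustration (BIND 9 syntax). All addresses are constructed
// placeholders from documentation ranges, not values from the thread.

// Setup 1 (what the thread says to dump): forwarding to the DNS proxy
// on the router. Shown commented out.
// options {
//     forwarders { 192.0.2.1; };     // placeholder: router LAN address
// };

// Setup 2: forward directly to the upstream resolvers the router itself
// uses, skipping the router's forwarding app.
options {
    directory "/var/named";           // assumed location of root.hint
    forwarders {
        198.51.100.10;                // placeholder: ISP resolver 1
        198.51.100.11;                // placeholder: ISP resolver 2
    };
    forward first;                    // if the forwarders do not answer,
                                      // fall back to resolving from the roots
};

// Setup 3: do your own lookups. Delete the "forwarders" and "forward"
// lines above; the hint zone below is then the only starting point.

// The hint zone tells the server where the root name servers are. It is
// needed for setup 3 and for the fallback in setup 2.
zone "." {
    type hint;
    file "root.hint";                 // file name as given in the thread
};
```

With `forward first` the server still depends on the forwarders for the answers they do return, which is the trust question Aaron raises; removing the forwarders entirely takes that dependency away at the cost of the shared cache.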



