
Re: Telnet/Winblows. Benefits of DNS etc.



On Sun, 05 Mar 2000, Matthew John Palmer wrote:

>Agreed, that is a good reason to run a nameserver.  However, if you're
>running a forwarding NS (the only way I have really managed to get a NS
>working over a temporary link) then you still need to change forwarders when
>you change ISPs, and then restart named.  Admittedly that's less of a hassle
>than killing everything off and starting again.
>
>The other possibility - a full-blown nameserver (with a hints file and so
>forth) does not work satisfactorily for temporary links, in my experience. 
>The problem is that the NS needs to get a new list of master nameservers
>every once in a while - and it has a prime fit if it can't.  You need to
>have the link up whenever named wants the server list, otherwise it gets
>mightily upset.
>
>If you've got any suggestions for how to fix this problem, I'd love to hear
>them.

Not really. I similarly have a "forward only" setup and reconfigure named.conf
at connect time to set the forwarders to whatever nameservers usepeerdns
advises. This seems to be the best thing to do on an intermittent link with the
current version of bind.

If you want to go "forward first" then I guess you should just add a little
script to ip-up that will fetch the latest root hints on a monthly basis.
(Maybe ip-down would be better.) Of course if you do this you should still
restart named at ip-up and down so that you have a blank root hints file
offline to avoid those irritating network timeouts. 

I used to use "forward first" (I never got around to automatically fetching the
root hints file periodically) but I stopped doing this because I seemed to get
connections from nameservers other than the ones in the roots file. I presume
that this was because my request had been forwarded to another nameserver or
something. If anyone can explain this I'd be interested. Anyhow, this made
firewalling a bit complicated. I presume that this is why there is an option in
named.conf to make all (tcp) traffic come into port 35. But I guess if port 35
is open you should chroot named and I couldn't be bothered to do that.

Actually, I forgot to say the biggest advantage of using named in my original
post. You can log lookups and this is the only way you can be really _sure_ that
you stopped sendmail doing lookups ;-) 

atb
Martin
 -- 
http://www.shef.ac.uk/~pm1mph



---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.
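
The connect-time reconfiguration described in the reply above, as an added example that is not part of the original post: shell functions an ip-up script could call to turn the peer-supplied nameservers into a "forward only" fragment, validating them first because they come from the remote end of the link. It assumes pppd's usepeerdns has exported DNS1 and DNS2 to ip-up; the function names and the fragment path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# fragment path in the usage comment are hypothetical.

# Return 0 only for a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print a "forward only" fragment for the addresses given as arguments.
# Values that fail validation are dropped; returns 1 if none survive.
render_forwarders() {
    list=""
    for addr in "$@"; do
        if valid_ipv4 "$addr"; then
            list="$list $addr;"
        fi
    done
    [ -n "$list" ] || return 1
    printf 'forward only;\nforwarders {%s };\n' "$list"
}

# Write the fragment to file $1 atomically (temp file, then rename).
# The existing file is left untouched when no address validates.
update_forwarders() {
    target=$1; shift
    tmp="$target.tmp.$$"
    if render_forwarders "$@" > "$tmp"; then
        mv "$tmp" "$target"
    else
        rm -f "$tmp"
        return 1
    fi
}

# In ip-up (path is a placeholder; restart named afterwards as the post says):
#   update_forwarders /path/to/forwarders.conf "$DNS1" "$DNS2"
```

The fragment is meant to be pulled into the options section of named.conf, so a value that is not a plain IPv4 address never reaches the file named parses.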