Re: bind: mine or my ISP's? + proxy propaganda (was: what's internet-zahav and NV's nameservers?)
On Wed, 20 Jan 1999, guy keren wrote:
> > I'd simply block port
> > 53/tcp for incoming connections and forget about over half your worries,
> > then I think there is a way to nicely block DNS responses from servers you
> > have not queried, etc.
>
> up until this line, i thought i'd say "yes, do what he says". but now that
> you mention that simple blocking is not enough.... oh well.
well, 53/tcp is for zone transfers; caching nameservers don't need that
enabled. 53/udp is for standard queries, and I think bind-8 knows how to
ignore illegally pushed "replies". I can check.
> > difference in first lookup time is under 1ms, I wouldn't even give it a
> > thought, and as for memory... I have a busy server here, main DNS of the
> > intranet, and it's only 1.3 megs in memory. that's a good sacrifice for a
> > faster name resolution on dialups, especially with 32 megs and up of
> > system memory, and then it would probably take less memory too (how much
> > does it take on YOUR machine?)
>
> sorry. there was an implicit (now to become explicit) assumption that the
> person who was asking this was referring to a machine connected to the
> internet with a dialup connection (which has a 200ms or 300ms turn-around
> latency). all my 'calculation' and conclusions are relevant to such a
> situation. of course if you have a faster connection, this is completely
> different. next time i'll try to state such implicit assumptions.
I meant:
program --> resolv.conf --> remote DNS --> reply back
compared to:
program --> resolv.conf --> local DNS --> remote DNS --> reply --> reply
differ by 1 ms, because in the latter, one query is local, and the
other, remote one is the major delayer. the advantage is the caching for
later; the rest I wrote already.
> and btw, regarding the URL comment of frodo, i would add that one may even
> try to run a local proxy server, configured to pool data from their ISP's
> proxy server. i've done it once as a smallish exercise, and even with the
> small disk space i gave it, it had some advantages over using the cache of
> the web browser :
squid is definitely a boon, a must if more than 2-3 users are connected.
--
Ira Abramov ; whois:IA58 ; www.scso.com ; all around Linux enthusiast
`When you say "I wrote a program that crashed Windows", people just stare
at you blankly and say "Hey, I got those with the system, *for free*".'
(Linus Torvalds)
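The two points made in the reply above, that a caching resolver should ignore replies it never asked for, and that the cache is what saves the remote round-trip on later lookups, are shown together in the following added example. It is not code from this thread or from BIND; it is a small stand-alone model of a caching stub resolver. The wire format follows RFC 1035, while the class, function names, the upstream address 192.0.2.53 and the answer 203.0.113.9 are constructed for illustration.

```python
"""Added example (not from the original thread, not BIND's code): a minimal
caching stub resolver that only accepts replies matching an outstanding
query (transaction ID, question name, and expected upstream server) and
caches answers for their TTL so repeat lookups need no remote round trip."""
from __future__ import annotations
import secrets
import struct

def encode_name(name: str) -> bytes:
    """Encode a dotted hostname as DNS labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def skip_name(packet: bytes, offset: int) -> int:
    """Return the offset just past a name (plain labels or a compression pointer)."""
    while True:
        length = packet[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:          # 2-byte compression pointer
            return offset + 2
        offset += 1 + length

def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Standard recursive query: 12-byte header (RD set, QDCOUNT=1) + one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)   # class IN

def build_reply(txid: int, name: str, addr: str, ttl: int = 300) -> bytes:
    """Constructed reply carrying one A record; used only to feed the model."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)          # QR, RD, RA set
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(octet) for octet in addr.split("."))
    # answer name is a pointer (0xC00C) back to the question name at offset 12
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + question + answer

def query_id(packet: bytes) -> int:
    """Transaction ID from the first two bytes of a DNS packet."""
    return struct.unpack("!H", packet[:2])[0]

class CachingResolver:
    """Hypothetical resolver: tracks outstanding queries and a TTL-bounded cache."""

    def __init__(self, upstream: tuple[str, int]):
        self.upstream = upstream
        self.pending: dict[int, str] = {}            # txid -> queried name
        self.cache: dict[str, tuple[str, float]] = {}  # name -> (addr, expiry time)
        self.dropped = 0                              # unsolicited/mismatched replies

    def cached(self, name: str, now: float) -> str | None:
        entry = self.cache.get(name)
        return entry[0] if entry and entry[1] > now else None

    def query(self, name: str, now: float) -> bytes | None:
        """Return the wire query to send upstream, or None on a cache hit."""
        if self.cached(name, now) is not None:
            return None                               # local answer, no remote delay
        txid = secrets.randbelow(65536)
        while txid in self.pending:                   # unpredictable, unique IDs
            txid = secrets.randbelow(65536)
        self.pending[txid] = name
        return build_query(txid, name)

    def receive(self, packet: bytes, source: tuple[str, int], now: float) -> str | None:
        """Accept a reply only if it answers a query we sent, from the server we asked."""
        txid, flags, qdcount, ancount = struct.unpack("!HHHH", packet[:8])
        if (source != self.upstream or not flags & 0x8000
                or txid not in self.pending or qdcount != 1
                or not packet[12:].startswith(encode_name(self.pending[txid]))):
            self.dropped += 1                         # the "illegally pushed" reply case
            return None
        name = self.pending.pop(txid)
        offset = skip_name(packet, 12) + 4            # skip question name, type, class
        for _ in range(ancount):
            offset = skip_name(packet, offset)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
            offset += 10
            if rtype == 1 and rclass == 1 and rdlen == 4:
                addr = ".".join(str(b) for b in packet[offset:offset + 4])
                self.cache[name] = (addr, now + ttl)  # honour the record's TTL
                return addr
            offset += rdlen
        return None

if __name__ == "__main__":
    r = CachingResolver(("192.0.2.53", 53))          # constructed upstream address
    q = r.query("example.com", now=0.0)
    print("forged txid accepted:", r.receive(build_reply(query_id(q) ^ 1, "example.com", "203.0.113.9"), r.upstream, 0.1))
    print("genuine reply:", r.receive(build_reply(query_id(q), "example.com", "203.0.113.9"), r.upstream, 0.2))
    print("second lookup needs network:", r.query("example.com", now=100.0) is not None)
```

The checks in `receive` are the resolver-side counterpart of the firewall rule discussed above: even with 53/tcp closed, a reply on 53/udp is only useful to an attacker if it matches an ID the resolver is waiting on, which is why the IDs are drawn from `secrets` rather than a counter.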