
Re: Should I use a proxy? DNS cache?



On Sat, 2002-04-06 at 15:39, Michael D. Crawford wrote:
> I have a small home lan that is routed to the internet through a machine that 
> provides IP masquerading with kernel 2.4.18 iptables.  The gateway machine 
> connects to the net with a 56k modem.  There are three client machines, plus the 
> gateway for a total of four machines.
> 
> Presently I am using neither a proxy nor a DNS cache.  Would it help things to 
> use them?  I can see how having a DNS cache would help when my ISP's nameserver 
> goes down, which it seems to quite a bit.
> 
> If I should use a proxy, which one should I get?

Yes, it will help. Especially if the different people at the different
computers have similar browsing habits. A banner blocker in your web
proxy can also help reduce traffic across your modem.

I would recommend squid for the web proxy and sleezeball for the banner
blocker.

DNS is another issue. I would suggest you use djbdns (
http://cr.yp.to/djbdns.html ) rather than Bind, as it will allow you to
decide what you want and only what you want to have it do, and will use
significantly less resources on your gateway machine. It is easier to
configure, less prone to attacks, and breaks less often :)

You can implement a DNS cache, that is a forwarding only cache. It asks
another DNS server (your ISP's) for all its requests and caches the
responses (dnscache). It is not a DNS server. You could however
implement a full resolver (dnscache again) that actually resolves DNS
names from the root-servers down. This means you won't rely on your
ISP's name server and your name-server is immune to cache-poisoning.
This uses more traffic though (it has to recursively resolve from the
root-servers down. It caches responses of course). But I have found it
works fine over a 56k dialup. 

You may also, while you are at it, implement your own local DNS server
for internal use (tinydns) so that internal machines and their names are
all resolved via an internal only DNS.

These are only my suggestions of course. YMMV. Good luck.

Crispin Wellington
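
The two dnscache modes described in the message above, as an added example that is not part of the original post. It assumes the service directory layout that `dnscache-conf` creates (`env/`, `root/servers/@`, `root/ip/`); the function names and every address are constructed for illustration, and the demo works on a scratch directory only.

```shell
#!/bin/sh
# Assumed layout: a dnscache service directory as created by dnscache-conf.
# Function names and all addresses are constructed for this example.

# allow_clients DIR PREFIX...: dnscache answers only clients whose address
# prefix exists as a file name under root/ip/.
allow_clients() {
    dir=$1; shift
    mkdir -p "$dir/root/ip"
    for prefix in "$@"; do : > "$dir/root/ip/$prefix"; done
}

# forward_only DIR IP...: with $FORWARDONLY set, dnscache treats root/servers/@
# as a list of other caches (e.g. the ISP's) rather than root servers.
forward_only() {
    dir=$1; shift
    [ $# -gt 0 ] || { echo "forward_only: need an upstream IP" >&2; return 1; }
    mkdir -p "$dir/env" "$dir/root/servers"
    printf '%s\n' "$@" > "$dir/root/servers/@"
    echo 1 > "$dir/env/FORWARDONLY"
}

# full_resolver DIR ROOTS_FILE: drop FORWARDONLY and restore the root server
# list so dnscache resolves from the roots down by itself.
full_resolver() {
    dir=$1; roots=$2
    [ -s "$roots" ] || { echo "full_resolver: $roots missing or empty" >&2; return 1; }
    mkdir -p "$dir/root/servers"
    cp "$roots" "$dir/root/servers/@"
    rm -f "$dir/env/FORWARDONLY"
}

# mode DIR: envdir sets a variable only from a non-empty file, hence -s.
mode() {
    if [ -s "$1/env/FORWARDONLY" ]; then echo forward-only; else echo full-resolver; fi
}

# Demo on a scratch directory (constructed data; nothing under /etc is touched).
demo=$(mktemp -d)
printf '198.51.100.1\n198.51.100.2\n' > "$demo/roots"  # stand-in for /etc/dnsroots.global
allow_clients "$demo/dnscache" 127.0.0.1 192.168.1
forward_only "$demo/dnscache" 192.0.2.53
echo "after forward_only:  $(mode "$demo/dnscache")"
full_resolver "$demo/dnscache" "$demo/roots"
echo "after full_resolver: $(mode "$demo/dnscache")"
rm -rf "$demo"
```

On a live daemontools setup the running cache picks up either change only after a restart, for example with `svc -t /service/dnscache`.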

