
Re: Should I use a proxy? DNS cache?



> 
> DNS is another issue. I would suggest you use djbdns (
> http://cr.yp.to/djbdns.html ) rather than Bind, as it will allow you to
> decide what you want and only what you want to have it do, and will use
> significantly less resources on your gateway machine. It is easier to
> configure, less prone to attacks, and breaks less often :)
> 
> You can implement a DNS cache, that is a forwarding only cache. It asks
> another DNS server (your ISP's) for all its requests and caches the
> responses (dnscache). It is not a DNS server. You could however
> implement a full resolver (dnscache again) that actually resolves DNS
> names from the root-servers down. This means you won't rely on your
> ISP's name server and your name-server is immune to cache-poisoning.
> This uses more traffic though (it has to recursively resolve from the
> root-servers down. It caches responses of course). But I have found it
> works fine over a 56k dialup. 
> 
> You may also, while you are at it, implement your own local DNS server
> for internal use (tinydns) so that internal machines and their names are
> all resolved via an internal only DNS.
> 

I use maradns for the same reasons. I have an internal LAN with names (no need
to keep /etc/hosts up to date) and it also acts as a cache. mara seems quite
secure and has a more palatable license and author.
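
The two dnscache setups described in the quoted message (forwarding-only cache versus full resolver) differ only in two files of the service directory. The following is an added example, not part of either message or of djbdns itself; the function names and the `roots.saved` backup file are hypothetical, and the directory layout assumed is the one `dnscache-conf` creates.

```sh
# dnscache reads its upstream list from root/servers/@ inside the service
# directory. With $FORWARDONLY set (envdir sets it from a non-empty
# env/FORWARDONLY file) those IPs are treated as other caches to forward to;
# without it they are treated as root servers and resolution is recursive.

# Print the mode a service directory is configured for.
dnscache_mode() {
    if [ -s "$1/env/FORWARDONLY" ]; then echo forward-only; else echo recursive; fi
}

# Switch to a forwarding-only cache: dnscache_set_forward DIR IP [IP...]
dnscache_set_forward() {
    dir=$1; shift
    [ $# -ge 1 ] || { echo "need at least one upstream IP" >&2; return 1; }
    for ip in "$@"; do
        case $ip in
            ''|*[!0-9.]*) echo "not an IPv4 address: $ip" >&2; return 1 ;;
        esac
    done
    mkdir -p "$dir/env" "$dir/root/servers"
    # Save the root-server list once so the change can be reverted.
    # roots.saved is a hypothetical name; it sits outside servers/ because
    # dnscache reads the file names in servers/ as domain names.
    if [ "$(dnscache_mode "$dir")" = recursive ] && [ -f "$dir/root/servers/@" ]; then
        cp "$dir/root/servers/@" "$dir/root/roots.saved"
    fi
    printf '%s\n' "$@" > "$dir/root/servers/@"
    echo 1 > "$dir/env/FORWARDONLY"
}

# Switch back to a full resolver that starts at the root servers.
dnscache_set_recursive() {
    dir=$1
    [ -f "$dir/root/roots.saved" ] || { echo "no saved root list" >&2; return 1; }
    cp "$dir/root/roots.saved" "$dir/root/servers/@"
    rm -f "$dir/env/FORWARDONLY"
}

# Either change takes effect after dnscache restarts, e.g. with daemontools:
#   svc -t /service/dnscache
```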

