[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: netstat performance

On 07/02/11 at 02:06pm, Andrei POPESCU wrote:
> On Sb, 02 iul 11, 09:35:35, Erwan David wrote:
> > 
> > That's what I do : I have unbound locally for recursive, and it caches
> > for the local network + bind for authoritative.
> Not sure what "recursive" means [...]

Recursive queries are what actual DNS servers perform to find the answer. Your
OS stub resolver performs forwarding, sometimes caching. It knows about a DNS
server (from /etc/resolv.conf) and passes your request to it. This continues
until it reaches a machine willing to recurse, or until it reaches a machine
unwilling to either recurse or forward and then you will receive an error
because your request was not completed.

Once your request reaches a recursing server, it queries the root servers to
find the nameserver for the TLD, then the TLD nameserver to find the nameserver
for the domain in question, then the nameserver for the domain in question for
your actual result. It then passes it back to the client or forwarder who
requested, and it ultimately returns to you. 

So you see, if you install a local recursive DNS server, and not just a
forwarder/DHCP-helper like dnsmasq, you do not need to rely on your ISP's DNS
servers. Your machine will return results directly from the internet even if
your ISPs nameservers go down, and it will return accurate results even if your
ISP poisons their DNS. They frequently do this by returning spam records
instead of NXDOMAIN results, which imo ought to be illegal (at least in the


Attachment: signature.asc
Description: Digital signature

Reply to: