
Re: netstat performance



On 07/02/11 at 02:06pm, Andrei POPESCU wrote:
> On Sb, 02 iul 11, 09:35:35, Erwan David wrote:
> > 
> > That's what I do : I have unbound locally for recursive, and it caches
> > for the local network + bind for authoritative.
> 
> Not sure what "recursive" means [...]

Recursive queries are what actual DNS servers perform to find the answer. Your
OS stub resolver performs forwarding, sometimes caching. It knows about a DNS
server (from /etc/resolv.conf) and passes your request to it. This continues
until it reaches a machine willing to recurse, or until it reaches a machine
unwilling to either recurse or forward and then you will receive an error
because your request was not completed.

Once your request reaches a recursing server, it queries the root servers to
find the nameserver for the TLD, then the TLD nameserver to find the nameserver
for the domain in question, then the nameserver for the domain in question for
your actual result. It then passes it back to the client or forwarder who
requested, and it ultimately returns to you. 

So you see, if you install a local recursive DNS server, and not just a
forwarder/DHCP-helper like dnsmasq, you do not need to rely on your ISP's DNS
servers. Your machine will return results directly from the internet even if
your ISP's nameservers go down, and it will return accurate results even if your
ISP poisons their DNS. They frequently do this by returning spam records
instead of NXDOMAIN results, which imo ought to be illegal (at least in the
U.S.)

-- 
Liam
