On 07/05/11 at 10:09pm, Andrei POPESCU wrote:
> On Sb, 02 iul 11, 12:23:39, William Hopkins wrote:
> > On 07/02/11 at 02:06pm, Andrei POPESCU wrote:
> > > On Sb, 02 iul 11, 09:35:35, Erwan David wrote:
> > > >
> > > > That's what I do : I have unbound locally for recursive, and it caches
> > > > for the local network + bind for authoritative.
> > >
> > > Not sure what "recursive" means [...]
> >
> [snip recursive explanation]
>
> Thanks a lot for this explanation, DNS is still a bit like dark magic to
> me :)
>
> My understanding is that a recursive DNS server (especially one with
> DNSSec support) would make sense in networks with more than just a
> couple of devices, especially since you need a separate DHCP server
> anyway. Of course, this doesn't account for the "I want to tinker"
> factor ;)

The primary reasons are 1) reliability separate from your ISP and 2) verified
correct results without NXDOMAIN spam and other such things.

For 1, although your ISP's routers may be up their DNS may go down or become
incorrectly configured, and then you wouldn't be able to browse or use most
internet services.

For 2, you cannot trust your ISP to give you accurate results. NXDOMAIN spam
is almost universal now and in many cases ISPs have been caught blocking
websites via DNS resolution which is in a very grey legal area in the US, but
I consider blatantly unethical.

Both of these reasons apply whether you have one box or one hundred.

The DNSsec issue also plays into 'you can't trust ISPs' and applies, but I
won't go into it, this is a wall of text as it is. Please believe point 2 is
based in verified and somewhat commonly-known fact, and not paranoia (:

--
Liam