
Re: netstat performance



On 07/05/11 at 10:09pm, Andrei POPESCU wrote:
> On Sb, 02 iul 11, 12:23:39, William Hopkins wrote:
> > On 07/02/11 at 02:06pm, Andrei POPESCU wrote:
> > > On Sb, 02 iul 11, 09:35:35, Erwan David wrote:
> > > > 
> > > > That's what I do : I have unbound locally for recursive, and it caches
> > > > for the local network + bind for authoritative.
> > > 
> > > Not sure what "recursive" means [...]
> > 
> [snip recursive explanation]
> 
> Thanks a lot for this explanation, DNS is still a bit like dark magic to 
> me :)
> 
> My understanding is that a recursive DNS server (especially one with 
> DNSSEC support) would make sense in networks with more than just a 
> couple of devices, especially since you need a separate DHCP server 
> anyway. Of course, this doesn't account for the "I want to tinker" 
> factor ;)

The primary reasons are 1) reliability separate from your ISP and 2) verified
correct results without NXDOMAIN spam and other such things. For 1, although
your ISP's routers may be up, their DNS may go down or become incorrectly
configured, and then you wouldn't be able to browse or use most internet
services. For 2, you cannot trust your ISP to give you accurate results.
NXDOMAIN spam is almost universal now and in many cases ISPs have been caught
blocking websites via DNS resolution which is in a very grey legal area in the
US, but I consider blatantly unethical. Both of these reasons apply whether you
have one box or one hundred. The DNSSEC issue also plays into 'you can't trust
ISPs' and applies, but I won't go into it, this is a wall of text as it is.

Please believe point 2 is based in verified and somewhat commonly-known fact,
and not paranoia (:

-- 
Liam
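
An added example, not part of the original message: one way to check whether a resolver rewrites NXDOMAIN answers, as described in point 2 above. It assumes a random 24-hex-character label under .com is unregistered; the function names and the sample response headers are constructed for illustration.

```python
import secrets
import socket
import struct

def build_query(name: str, qid: int) -> bytes:
    """Encode a recursive A/IN query (RD bit set) for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data: bytes, qid: int) -> str:
    """Classify the reply to a query for a name that should not exist."""
    if len(data) < 12:
        return "inconclusive"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # wrong ID, or not a response
        return "inconclusive"
    rcode = flags & 0x000F
    if rcode == 3:                  # NXDOMAIN: the honest answer
        return "nxdomain"
    if rcode == 0 and ancount > 0:  # NOERROR with answers for a bogus name
        return "rewritten"
    return "inconclusive"

def probe(resolver_ip: str, timeout: float = 3.0) -> str:
    """Send one UDP query for a random, presumably unregistered name."""
    name = secrets.token_hex(12) + ".com"  # assumption: this name is unregistered
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (resolver_ip, 53))
            data, _ = s.recvfrom(4096)
        except OSError:  # timeout or network error
            return "inconclusive"
    return classify_response(data, qid)

# Constructed sample response headers (12 bytes each), ID 0x1234.
HONEST = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 1, 0)     # RCODE=3
REWRITTEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # NOERROR, 1 answer

if __name__ == "__main__":
    print(classify_response(HONEST, 0x1234), classify_response(REWRITTEN, 0x1234))
```

Running `probe()` against the resolver address handed out by DHCP and again against a local recursive resolver shows the difference; a "rewritten" result from only one of them points at that resolver.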
