Ralph Seichter m16+tor@monksofcool.net wrote:
On 12.09.17 23:43, Roman Mamedov wrote:
I take it you're being ironic?
Guess I failed at doing that well, if you had to clarify. (Or maybe you didn't read my entire message.)
I did read it. Just the pitfalls of non-verbal communication, and I'm also not a native English speaker. ;-)
Running your own authoritative nameservers is laudable as well, but the current discussion is about recursive resolvers. You know, the likes of 8.8.8.8 and the ones your ISP runs for their clients "to reduce traffic".
If you read *my* messages in this thread, you'll find that I am fully aware of this. I even mentioned Google's infamous resolver by IP. :-) I came across one ISP so far which does not provide resolvers for their customers but points resolv.conf to Google's servers. Not good.
Note that 'dnsmasq' won't do, that's just a caching proxy to a fixed set of a few upstream DNS resolvers; you need 'unbound' which IS a full independent DNS resolver itself.
Yeah, I use Unbound and BIND myself, with the former of course being much more frugal in terms of resource requirements. Easy to set up, too.
I'd like to add a note here for FreeBSD users. In addition to unbound or any of the other resolvers available in the ports tree, DNS queries for name-to-address resolution can be further reduced by a small caching utility that is in the base system, called nscd(8). Check the man pages for nscd.conf(5) and nsswitch.conf(5) to see how easily you can configure its use. nscd can also cache other, non-DNS queries' results as well (e.g., NIS). After setting up nsswitch.conf and nscd.conf (just a few lines each), remember to add a line that says, "nscd_enable=YES", to /etc/rc.conf and then (as root) give the following command.
# service nscd start
Note that the rc.conf entry will take care of starting nscd(8) after a reboot. The command shown above is only necessary when starting nscd at other times. nscd's caching service gets inserted between the resolver(3) and its queries of local DNS caches or distant name servers, and it is quite fast, but it serves only the machine it runs on. Further, it maintains per-user caches for each type of data. Any user can flush his cache of one type of data or all types of data. root also has the option of flushing all of the per-user caches by type of data or all types of data. Here is an example of an nscd configuration (nscd.conf).
threads 4
enable-cache passwd yes
# enable-cache group yes
enable-cache hosts yes
enable-cache services yes
enable-cache protocols yes
enable-cache rpc yes
enable-cache networks yes
suggested-size hosts 2111
keep-hot-count hosts 4096
positive-policy hosts lfu
suggested-size services 1123
And here is nsswitch.conf to go with the above.
group: files
group_compat: nis
hosts: cache files dns
networks: cache files
passwd: cache files
passwd_compat: nis
shells: cache files
services: compat
services_compat: nis
protocols: cache files
rpc: cache files
Note that the only lines in each that pertain to the current discussion are the lines that refer to hosts. The rest are for caches of other data. As you can see, configuring this high-speed, local-service-only caching daemon is trivially easy and brief and requires installation of *no* other software. It can be used with or without a caching name server or other caching resolver software.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:   bennett at sdf.org   *xor*   bennett at freeshell.org  *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
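The message above pairs an nscd.conf with an nsswitch.conf. As an added example (not part of the original post), this sh script lists every database where nsswitch.conf names the cache source but nscd.conf has no matching enable-cache line, and the reverse. The function names and report labels are this example's own, and the sample input is the cache-related lines of the two files as posted.

```sh
#!/bin/sh
# Added example: cross-check nsswitch.conf against nscd.conf.

# Databases whose nsswitch.conf source list contains "cache".
nsswitch_cached() {
    awk '{ sub(/#.*/, "") }
         $1 ~ /:$/ { db = $1; sub(/:$/, "", db)
                     for (i = 2; i <= NF; i++) if ($i == "cache") print db }' "$1" | sort -u
}

# Databases switched on with "enable-cache <db> yes" in nscd.conf.
nscd_enabled() {
    awk '{ sub(/#.*/, "") }
         $1 == "enable-cache" && $3 == "yes" { print $2 }' "$1" | sort -u
}

# Report every database on which the two files disagree.
check_cache_config() {   # usage: check_cache_config nsswitch.conf nscd.conf
    sw=$(nsswitch_cached "$1"); ns=$(nscd_enabled "$2")
    for db in $sw; do
        printf '%s\n' "$ns" | grep -qxF "$db" || echo "nsswitch-only: $db"
    done
    for db in $ns; do
        printf '%s\n' "$sw" | grep -qxF "$db" || echo "nscd-only: $db"
    done
}

# Sample input: cache-related lines of the two posted files, in a temp dir.
demo_dir=$(mktemp -d)
cat > "$demo_dir/nscd.conf" <<'EOF'
enable-cache passwd yes
# enable-cache group yes
enable-cache hosts yes
enable-cache services yes
enable-cache protocols yes
enable-cache rpc yes
enable-cache networks yes
EOF
cat > "$demo_dir/nsswitch.conf" <<'EOF'
hosts: cache files dns
networks: cache files
passwd: cache files
shells: cache files
services: compat
protocols: cache files
rpc: cache files
EOF
check_cache_config "$demo_dir/nsswitch.conf" "$demo_dir/nscd.conf"
```

On a live system, pass /etc/nsswitch.conf and /etc/nscd.conf as the two arguments.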