Slightly OT: Using ISP's DNS server as forwarder with local caching dns server

Stephen Swaney steve.swaney at fsl.com
Sun Nov 20 22:51:26 GMT 2005


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Ugo Bellavance
> Sent: Friday, November 18, 2005 1:56 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Slightly OT: Using ISP's DNS server as forwarder with local
> caching dns server
> 
> Hi,
> 
> 	I was reading Sendmail's bat book and it was saying that it was
> better to use a "busy" DNS server, to make sure the entries don't time out.
> 

If you're running SpamAssassin, whichever name server you're using is a very
"busy DNS server" :)

> 	I run a caching name server (redhat's package, using bind) and I was
> wondering if I could get a benefit of having my ISP's DNS server as a
> forwarder.  From what I can understand, the forwarder will be used if my
> local server does not have the answer in the cache.  If my ISP has the
> entry in cache, it would be faster to retrieve it this way than doing
> the whole query by my local server.
> 
> 	Any opinions?  Is that actually possible with the redhat package+edits
> or I'd need to configure bind manually to set the caching+forwarders to
> avoid conflicts?
> 
> Regards,
> --
> Ugo
> 
Ugo,

Red Hat's standard named.conf includes these lines at the top:

options {
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
        // forwarders {
        //         111.111.111.15;
        //         111.111.111.17;
        //         };
};

The lines which call the forwarder in the snippet above are commented out
with the "//"s. You can change these to match your forwarder's IP address,
uncomment the lines, and restart named (or nscd). Do check to make sure named
or nscd is working after your edits!

I've thought about this a bit and tried different approaches over the years
and I'm not convinced that adding forwarders on a system that's using
SpamAssassin is an absolute plus. I believe that using nscd, or better,
running a name server on the gateway is a good idea but I can easily be
corrected if someone can offer some logic to prove their point.

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney at fsl.com
www.fsl.com
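
The edit described in the message above (uncommenting the forwarders block and substituting your own forwarder addresses), as an added example that is not part of the original message or of Red Hat's package. The function names, the abridged sample file and the 192.0.2.x addresses are constructed for illustration, and only IPv4 forwarders are assumed.

```shell
#!/bin/sh
# Added example, not from the post or Red Hat's package. Addresses are
# constructed (RFC 5737 documentation range); IPv4 only is an assumption.

# Constructed sample: the options block quoted in the message, abridged.
sample_conf() {
cat <<'EOF'
options {
        directory "/var/named";
        // query-source address * port 53;
       // forwarders {
       //         111.111.111.15;
       //         111.111.111.17;
       //         };
};
EOF
}

# enable_forwarders FILE ADDR [ADDR...]
# Prints FILE with the commented forwarders block replaced by an active one.
enable_forwarders() {
    conf=$1; shift
    [ $# -gt 0 ] || { echo "need at least one forwarder" >&2; return 1; }
    for ip in "$@"; do
        case $ip in
            ''|*[!0-9.]*) echo "bad address: $ip" >&2; return 1 ;;
        esac
    done
    awk -v addrs="$*" '
        # Opening "// forwarders {" line: emit the active block here.
        /^[ \t]*\/\/[ \t]*forwarders[ \t]*[{]/ {
            print "        forwarders {"
            n = split(addrs, a, " ")
            for (i = 1; i <= n; i++) print "                " a[i] ";"
            print "        };"
            inblock = 1; next
        }
        # Skip the old commented addresses through the closing "// };".
        inblock { if ($0 ~ /^[ \t]*\/\/[ \t]*[}][ \t]*;/) inblock = 0; next }
        { print }
    ' "$conf"
}

# Demo on a temporary copy; the live file is never touched.
tmp=$(mktemp) && sample_conf > "$tmp"
enable_forwarders "$tmp" 192.0.2.1 192.0.2.2
rm -f "$tmp"
# On the server, before restarting named: named-checkconf <your named.conf>
# After the restart: dig @127.0.0.1 example.com  (expect status: NOERROR)
```

The query-source line is left commented, as in the stock file.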
