| 1 |
On Sun, 20 May 2012 06:15:42 +0530 |
| 2 |
Nilesh Govindrajan <contact@××××××××.com> wrote: |
| 3 |
|
| 4 |
> On Sat, May 19, 2012 at 10:06 PM, Alan McKinnon |
| 5 |
> <alan.mckinnon@×××××.com> wrote: |
| 6 |
> > On Sat, 19 May 2012 07:45:56 +0530 |
| 7 |
> > Nilesh Govindrajan <contact@××××××××.com> wrote: |
| 8 |
> > |
| 9 |
> >> Hi, |
| 10 |
> >> |
| 11 |
> >> Which is the best caching dns server? I'm presently using |
| 12 |
> >> pdns-recursor, which is quite good, but doesn't have option to set |
| 13 |
> >> minimum ttl (doesn't make sense, but some sites like twitter have |
| 14 |
> >> ridiculously low ttl of 30s). Also, it isn't able to save cached |
| 15 |
> >> entries to file so that it can be restored on next boot. Any |
| 16 |
> >> option? |
| 17 |
> > |
| 18 |
> > You can use almost any cache you want... |
| 19 |
> > |
| 20 |
> > ... except bind |
| 21 |
> > |
| 22 |
> > We use unbound. Does the job, does it well, developer very |
| 23 |
> > responsive. |
| 24 |
> > |
| 25 |
> > But do not fiddle with TTLs, that breaks stuff in spectacular ways. |
| 26 |
> > Essentially, with the TTL the auth server is saying "We guarantee |
| 27 |
> > that you can treat this RR as valid for X amount of time and suffer |
| 28 |
> > no ill effects if you do" |
| 29 |
> > |
| 30 |
> > What you want to do is break that agreement, which is really not s |
| 31 |
> > good idea. |
| 32 |
> > |
| 33 |
> >> |
| 34 |
> >> I am keeping my box 24x7 on because it serves as dns on my small |
| 35 |
> >> home wifi, not acceptable to me, because network is almost off at |
| 36 |
> >> night (only phone) and I have my router as secondary dns. |
| 37 |
> > |
| 38 |
> > Just use Google's caches or OpenDNS. They do the job so much better |
| 39 |
> > than you ever could. Why reinvent the wheel? |
| 40 |
> > |
| 41 |
> > |
| 42 |
> |
| 43 |
> Slow connection. See my previous reply to the list. I'm using pdnsd, |
| 44 |
> which can persist records and has every damn feature I wanted. |
| 45 |
> |
| 46 |
|
| 47 |
Fair enough, but consider this: |
| 48 |
|
| 49 |
If your connection is slow, the only thing you speeded up is the DNS |
| 50 |
lookups. Thereafter, everything else is still as slow as it ever was. |
| 51 |
And if you feel the need to speed up DNS lookups then the odds are very |
| 52 |
good that "everything else" is too slow i.e. not exactly usable. |
| 53 |
|
| 54 |
We get this a lot from our customers too, and the advise we give them |
| 55 |
is to look closely at their traffic throttling. In almost every case |
| 56 |
all UDP traffic has had the living crap throttled out of it somewhere |
| 57 |
by folk that don't really think things through, severely affecting |
| 58 |
dns and ntp as well as AV streaming. |
| 59 |
|
| 60 |
Throttled DNS rapidly gets out of hand, IIRC the last time we did some |
| 61 |
measurements it only takes around 5% of dns lookups to go wonky for the |
| 62 |
situation to rapidly spiral out of control - when dns fails the cache |
| 63 |
will try a TCP lookup and that's like wading through molasses. |
| 64 |
|
| 65 |
Our advice to customers is to first unthrottle dns and ntp completely, |
| 66 |
give it the highest possible priority (these are extremely light |
| 67 |
protocols and seldom show up on the radar when you do this), and see |
| 68 |
how that goes. |
| 69 |
|
| 70 |
It just seems to me that you *might* be trying a very unusual solution |
| 71 |
for a problem that is better handled one layer lower down. |
| 72 |
|
| 73 |
-- |
| 74 |
Alan McKinnnon |
| 75 |
alan.mckinnon@×××××.com |
Archives