1 |
On Sun, 20 May 2012 06:15:42 +0530 |
2 |
Nilesh Govindrajan <contact@××××××××.com> wrote: |
3 |
|
4 |
> On Sat, May 19, 2012 at 10:06 PM, Alan McKinnon |
5 |
> <alan.mckinnon@×××××.com> wrote: |
6 |
> > On Sat, 19 May 2012 07:45:56 +0530 |
7 |
> > Nilesh Govindrajan <contact@××××××××.com> wrote: |
8 |
> > |
9 |
> >> Hi, |
10 |
> >> |
11 |
> >> Which is the best caching dns server? I'm presently using |
12 |
> >> pdns-recursor, which is quite good, but doesn't have option to set |
13 |
> >> minimum ttl (doesn't make sense, but some sites like twitter have |
14 |
> >> ridiculously low ttl of 30s). Also, it isn't able to save cached |
15 |
> >> entries to file so that it can be restored on next boot. Any |
16 |
> >> option? |
17 |
> > |
18 |
> > You can use almost any cache you want... |
19 |
> > |
20 |
> > ... except bind |
21 |
> > |
22 |
> > We use unbound. Does the job, does it well, developer very |
23 |
> > responsive. |
24 |
> > |
25 |
> > But do not fiddle with TTLs, that breaks stuff in spectacular ways. |
26 |
> > Essentially, with the TTL the auth server is saying "We guarantee |
27 |
> > that you can treat this RR as valid for X amount of time and suffer |
28 |
> > no ill effects if you do" |
29 |
> > |
30 |
> > What you want to do is break that agreement, which is really not s |
31 |
> > good idea. |
32 |
> > |
33 |
> >> |
34 |
> >> I am keeping my box 24x7 on because it serves as dns on my small |
35 |
> >> home wifi, not acceptable to me, because network is almost off at |
36 |
> >> night (only phone) and I have my router as secondary dns. |
37 |
> > |
38 |
> > Just use Google's caches or OpenDNS. They do the job so much better |
39 |
> > than you ever could. Why reinvent the wheel? |
40 |
> > |
41 |
> > |
42 |
> |
43 |
> Slow connection. See my previous reply to the list. I'm using pdnsd, |
44 |
> which can persist records and has every damn feature I wanted. |
45 |
> |
46 |
|
47 |
Fair enough, but consider this: |
48 |
|
49 |
If your connection is slow, the only thing you speeded up is the DNS |
50 |
lookups. Thereafter, everything else is still as slow as it ever was. |
51 |
And if you feel the need to speed up DNS lookups then the odds are very |
52 |
good that "everything else" is too slow i.e. not exactly usable. |
53 |
|
54 |
We get this a lot from our customers too, and the advise we give them |
55 |
is to look closely at their traffic throttling. In almost every case |
56 |
all UDP traffic has had the living crap throttled out of it somewhere |
57 |
by folk that don't really think things through, severely affecting |
58 |
dns and ntp as well as AV streaming. |
59 |
|
60 |
Throttled DNS rapidly gets out of hand, IIRC the last time we did some |
61 |
measurements it only takes around 5% of dns lookups to go wonky for the |
62 |
situation to rapidly spiral out of control - when dns fails the cache |
63 |
will try a TCP lookup and that's like wading through molasses. |
64 |
|
65 |
Our advice to customers is to first unthrottle dns and ntp completely, |
66 |
give it the highest possible priority (these are extremely light |
67 |
protocols and seldom show up on the radar when you do this), and see |
68 |
how that goes. |
69 |
|
70 |
It just seems to me that you *might* be trying a very unusual solution |
71 |
for a problem that is better handled one layer lower down. |
72 |
|
73 |
-- |
74 |
Alan McKinnnon |
75 |
alan.mckinnon@×××××.com |