G'day,

From: "Russell Coker" <[EMAIL PROTECTED]>
> On Fri, 29 Oct 2004 09:56, "Donovan Baarda" <[EMAIL PROTECTED]> wrote:
> > I actually run pdnsd. I find it leaner and simpler than named. However, is
> > "run named on all hosts" really better than "run nscd on all hosts"?
>
> That's debatable. Some people will say that DNS servers are too much of a
> security risk. However another issue is that nscd uses different cache
> algorithms to DNS servers and is likely to either give worse performance or
> less accurate results than using a DNS server.

I'd say that sounds like a bug in nscd :-) Seriously, does nscd really not correctly handle dns caching/expiry properly? I thought the dns caching stuff was well thought out and defined... not implementing it properly would be dumb.

> Try pinging smtp.sws.net.au (my mail server) and www.coker.com.au (my web
> server). Note that the repeated reverse lookups only occur on
> www.coker.com.au, it seems that the repeated lookups only occur if forward
> and reverse DNS don't match (but I haven't checked the source code to verify
[...]

I don't think that it's that simple... I seem to be getting lookups for both of those. Are you sure you didn't just have smtp.sws.net.au in your hosts file?

> > This is when I first noticed this behaviour... ping was taking ~10secs
> > between each ping packet... it turns out waiting for nslookups to time out
> > before trying the second nameserver between each ping.
>
> I think that ping is buggy in this regard. I think that it should just keep
> using the first DNS result that it gets, if the user wants ping to re-do the
> DNS lookups then they will press ^C and re-start it! Would you like to file
> the bug report or shall I?

There may be reasons that it doesn't.... round robin DNS? Dynamic DNS "flapping"? dunno.

> If there was a choice between running only nscd or only named then nscd might
> be a reasonable option. But given that every serious network will need a
> caching DNS proxy (for which task it's unfortunate that there is nothing
> better than BIND) it doesn't seem to be a problem to me that you run it on
> several machines instead of just one.
>
> If you have only a single machine connected to an ISP then maybe nscd will be
> the best choice. However that scenario is becoming increasingly rare.

I prefer to run a caching dns server on one machine, and nscd on all the clients. In my case I'm using libnss-ldap on the clients so I kinda need to run it anyway.

The other reason either a caching dns or nscd is a better idea than multiple nameservers in resolv.conf is the timeout waits on every lookup when the first nameserver is down.

----------------------------------------------------------------
Donovan Baarda                http://minkirri.apana.org.au/~abo/
----------------------------------------------------------------