On Thu, Aug 24, 2017 at 04:39:13PM -0400, Greg Wooledge wrote:
> On Thu, Aug 24, 2017 at 10:21:04PM +0200, Pascal Hambourg wrote:
> > On 24/08/2017 at 11:30, Reco wrote:
> > >
> > > Somewhat hackish, but straightforward way to achieve this is to redirect
> > > DNS requests from your LAN to correct DNS. Something like this should do
> > > the trick:
> >
> > Not so straightforward because you still need to get the ISP's DNS and
> > update the iptables rules whenever the DNS changes.
>
> I strongly recommend just running your own caching DNS resolver on the
> DHCP server host. ISP nameservers are often slow and unreliable.
>
OK, thanks for the advice. One possibly stupid question though... whenever a DNS server running on my own firewall doesn't have an answer to a DHCP query, it is going to broadcast it out... to the ISP's DNS servers, no?

So I'm not actually getting away from the ostensibly slow (which I could easily believe) and/or unreliable (which I've never seen evidence of) ISP DNS servers, just by installing my own.

I suppose I could override my resolv.conf somehow on my firewall machine to use DNS servers regarded as fast and reliable. But I doubt any of those are physically close to me here in Japan -- e.g. Google's are no doubt in the US, about as far away from me as it is possible to get while still being on planet Earth. Hard to imagine that is going to be faster.

Or am I missing the point?

And, in terms of a local caching DNS server -- would BIND be the recommended solution?

Thanks

Mark
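Greg's suggestion, worked through as an added example; this is not code from anyone in the thread. It uses Unbound (rather than BIND) as the caching resolver on the firewall/DHCP host, dnsmasq for DHCP only, and the iptables redirect Reco alluded to, but pointed at the local resolver so the rules never need to track the ISP's addresses. A resolver configured with no forwarder, as here, resolves iteratively from the root servers and caches the answers, so the ISP's nameservers are not consulted at all. The interface name eth1, the address 192.168.1.1/24, the DHCP range and the trust-anchor path are assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed LAN values; override via env.
LAN_IF="${LAN_IF:-eth1}"
LAN_IP="${LAN_IP:-192.168.1.1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
DHCP_RANGE="${DHCP_RANGE:-192.168.1.100,192.168.1.200,12h}"

# Unbound: no forwarder is configured, so it walks root -> TLD -> authoritative
# itself. Access is limited to loopback and the LAN so it is not an open resolver.
gen_unbound_conf() {
    cat <<EOF
server:
    interface: 127.0.0.1
    interface: ${LAN_IP}
    port: 53
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    access-control: 127.0.0.0/8 allow
    access-control: ${LAN_NET} allow
    access-control: 0.0.0.0/0 refuse
    # DNSSEC validation; root.key is maintained by unbound-anchor (assumed path)
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    # Reject upstream answers that point public names at RFC 1918 space
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    harden-glue: yes
    harden-dnssec-stripped: yes
    use-caps-for-id: yes
    qname-minimisation: yes
    minimal-responses: yes
    hide-identity: yes
    hide-version: yes
    prefetch: yes
EOF
}

# dnsmasq: DHCP only. port=0 disables its DNS so it does not fight Unbound for
# port 53, and clients are told to use the firewall as their resolver.
gen_dnsmasq_conf() {
    cat <<EOF
port=0
interface=${LAN_IF}
bind-interfaces
dhcp-range=${DHCP_RANGE}
dhcp-option=option:dns-server,${LAN_IP}
dhcp-option=option:router,${LAN_IP}
EOF
}

# Clients that hard-code some other resolver get their port-53 traffic (UDP and
# TCP) rewritten to the local Unbound. Traffic already aimed at LAN_IP is left
# alone. Note: this does not catch DNS over TLS (853) or DNS over HTTPS (443).
gen_redirect_rules() {
    for proto in udp tcp; do
        printf 'iptables -t nat -A PREROUTING -i %s -p %s --dport 53 ! -d %s -j DNAT --to-destination %s:53\n' \
            "$LAN_IF" "$proto" "$LAN_IP" "$LAN_IP"
    done
}

# Pre-install sanity check on the generated resolver config: it must refuse the
# world and must contain no forward-zone / forward-addr, otherwise the whole
# point (not depending on someone else's resolver) is lost. Returns 0 if OK.
check_resolver_conf() {
    conf=$(gen_unbound_conf)
    printf '%s\n' "$conf" | grep -q 'access-control: 0.0.0.0/0 refuse' || return 1
    printf '%s\n' "$conf" | grep -q 'forward-' && return 1
    return 0
}

# Usage (as root): write the configs and apply the rules.
#   gen_unbound_conf  > /etc/unbound/unbound.conf.d/lan-resolver.conf
#   gen_dnsmasq_conf  > /etc/dnsmasq.d/lan-dhcp.conf
#   check_resolver_conf && gen_redirect_rules | sh
```

After applying it, `unbound-checkconf` validates the syntax, and `dig +trace example.com @127.0.0.1` shows the delegation chain being followed from the root rather than an upstream forwarder answering. The DNAT rules cover plain port-53 DNS only; a client using DNS over TLS or HTTPS bypasses them, which is worth knowing before relying on the redirect.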