On Fri, Aug 25, 2017 at 07:34:16AM +0900, Mark Fletcher wrote:
> On Thu, Aug 24, 2017 at 04:39:13PM -0400, Greg Wooledge wrote:
> > I strongly recommend just running your own caching DNS resolver on the
> > DHCP server host. ISP nameservers are often slow and unreliable.
>
> OK, thanks for the advice. One possibly stupid question though...
> whenever a DNS server running on my own firewall doesn't have an answer
> to a DHCP query, it is going to broadcast it out... to the ISP's DNS
> servers, no?
DHCP and DNS are two separate things. DHCP is what your client systems on your Local Area Network use to get their IP addresses and netmasks and default gateways. And possibly also their list of DNS nameserver IP addresses, if you don't just configure that locally. DNS is the protocol used to look up domain names and get back IP addresses, or vice versa.

If your firewall box is running a nameserver (i.e. a caching DNS resolver), and if the LAN clients are configured to use that nameserver, then no queries are ever sent to your ISP's nameservers at all. Your caching resolver does all the work, talking directly to the root servers, and the .COM servers, and so on.
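The resolver behaviour described above (walking from the root servers to the .COM servers to the zone's own nameserver, then answering repeat queries from cache until the TTL expires), as an added example that is not part of the thread. The zone data, server names and addresses are constructed for the demo; nothing here touches the network, and no query ever goes to an ISP forwarder.

```python
"""Toy iterative, caching DNS resolver (added example, not from the thread).

ZONES is a constructed stand-in for the real DNS: each "server" holds a
few records, and a referral is an NS record plus a glue A record for the
nameserver it points at.  A real resolver would send UDP/TCP queries to
those addresses; here _ask() just reads the dict and logs the hop.
"""
import time

ZONES = {
    "root": {                                   # the root hint
        "com.": [("NS", 172800, "a.gtld-servers.net.")],
        "a.gtld-servers.net.": [("A", 172800, "192.0.2.10")],
    },
    "a.gtld-servers.net.": {                    # a .COM server
        "example.com.": [("NS", 172800, "ns1.example.com.")],
        "ns1.example.com.": [("A", 172800, "192.0.2.20")],
    },
    "ns1.example.com.": {                       # the zone's own server
        "www.example.com.": [("A", 300, "192.0.2.80")],
        "mail.example.com.": [("A", 300, "192.0.2.25")],
    },
}
ROOT_HINT = "root"


class CachingResolver:
    def __init__(self, now=time.time):
        self.now = now              # injectable clock so TTL expiry can be tested
        self.cache = {}             # (name, rtype) -> (expiry, rdata)
        self.queries_sent = []      # (server, name, rtype) for every hop taken

    def _ask(self, server, name, rtype):
        """Stand-in for sending a query to `server`; returns its records for `name`."""
        self.queries_sent.append((server, name, rtype))
        return ZONES[server].get(name, [])

    def _cached(self, name, rtype):
        entry = self.cache.get((name, rtype))
        if entry and entry[0] > self.now():
            return entry[1]
        self.cache.pop((name, rtype), None)     # expired: drop it
        return None

    def _store(self, name, rtype, ttl, rdata):
        self.cache[(name, rtype)] = (self.now() + ttl, rdata)

    def _suffixes(self, name):
        """Enclosing zones, longest first: www.example.com. -> example.com., com."""
        labels = name.split(".")
        return [".".join(labels[i:]) for i in range(1, len(labels) - 1)]

    def _closest_server(self, name):
        """Start at the deepest nameserver we already know, else at the root."""
        for zone in self._suffixes(name):
            ns = self._cached(zone, "NS")
            if ns and self._cached(ns, "A"):
                return ns
        return ROOT_HINT

    def resolve(self, name, rtype="A", max_hops=8):
        hit = self._cached(name, rtype)
        if hit is not None:
            return hit                          # answered from cache, no query sent
        server = self._closest_server(name)
        for _ in range(max_hops):
            answers = [r for r in self._ask(server, name, rtype) if r[0] == rtype]
            if answers:
                _, ttl, rdata = answers[0]
                self._store(name, rtype, ttl, rdata)
                return rdata
            # No answer: follow the referral for the closest enclosing zone,
            # caching the NS and its glue so later lookups can skip the root.
            zone_data = ZONES[server]
            referral = None
            for zone in self._suffixes(name):
                ns = [r for r in zone_data.get(zone, []) if r[0] == "NS"]
                if ns:
                    self._store(zone, "NS", ns[0][1], ns[0][2])
                    referral = ns[0][2]
                    break
            if referral is None:
                raise LookupError(f"no answer or referral for {name} at {server}")
            glue = [r for r in zone_data.get(referral, []) if r[0] == "A"]
            if not glue:
                raise LookupError(f"no glue address for {referral}")
            self._store(referral, "A", glue[0][1], glue[0][2])
            server = referral
        raise LookupError(f"too many referrals resolving {name}")


if __name__ == "__main__":
    r = CachingResolver()
    print(r.resolve("www.example.com."), r.queries_sent)   # three hops: root, .COM, ns1
    print(r.resolve("www.example.com."), len(r.queries_sent))  # cache hit, still 3
    print(r.resolve("mail.example.com."), r.queries_sent[3:])  # one hop, straight to ns1
```

The first lookup walks root, the .COM server and the zone's nameserver; the second is a cache hit and sends nothing; a third name in the same zone goes straight to ns1 because the NS and glue records were cached on the way down. Expiry is driven by the injected clock, which is how the 300-second TTL on the A record is exercised in the test.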