Yves Goergen wrote:
> On 24.07.2008 08:32 CE(S)T, Matt Kettler wrote:
>> Matthias Leisi wrote:
>>> Since many mailservers will query the same DNS-related information (e.g.
>>> DNSxL lookups on widely-used mailservers like e.g. from Yahoo, or from the
>>> same botnets), traffic savings through caching are _considerable_.
>>
>> True, but you can also run a caching DNS server that forwards to your
>> ISP one and gain a double-benefit traffic-wise. You're still using
>> your ISP's servers and their cache, but you're also caching locally.
>
> I see no use in that.

Actually, you really should. Using a local cache has the exact same
benefits as using the ISP's nameservers, and it all boils down to
bandwidth and latency. The local cache saves bandwidth on your local
link, while the ISP nameserver saves bandwidth on the ISP's peering
links. Using both together via a caching forwarder nets both benefits.
Of course, it wouldn't fix your problem here, because a forwarder is
still almost completely dependent on the ISP nameserver it forwards to.
However, it's still very worthwhile as it lowers local bandwidth usage.
They're also trivial to administer since they merely forward everything
to the ISP and cache the results.
This kind of localized caching is particularly helpful in SpamAssassin
situations, where there's no real effort inside SA to cache DNS results
from message to message. It would be silly to do so, as you'd
essentially be writing an application-specific caching forwarder, when
such tools already exist and can be used system wide. With no local
cache, if 3 different messages get sent from the same IP, that IP gets
checked against all the RBLs 3 times, once per message.

> Maybe in times when there's trouble with the ISP's servers, but it's
> rarely the case.

Actually, a local caching forwarder wouldn't help you much if the ISP's
servers were down. I'm sorry if you got the implication that this could
fix your DNS problems. I was merely pointing it out as a performance
tweak you should look into.

> And if, I know some other DNS servers to set in the configuration for
> a while.

Which you'd still have to do with a local forwarder anyway.

> I'm forwarding this issue to the Hetzner support team now. It seems
> that some other customers have the same problem.

Aye, you might also want to directly ask them if they're taking over
NXDOMAIN responses and redirecting them to a search page. Verizon in the
USA does this, and it causes bogus DNSBL results all the time.
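
A way to detect the NXDOMAIN rewriting mentioned above, as an added example that is not part of the original post: DNSBLs answer a listing with an address in 127.0.0.0/8, and RFC 5782 requires that 127.0.0.1 is never listed and 127.0.0.2 always is, so those two probes show whether a resolver can be trusted for a zone. The zone `dnsbl.example`, the two resolver functions and all addresses are constructed placeholders so the example runs offline.

```python
import ipaddress

# DNSBLs signal a listing with an A record inside 127.0.0.0/8 (RFC 5782).
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def query_name(ip, zone):
    """Reverse the IPv4 octets and append the DNSBL zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def classify(answers):
    """answers: A records as strings; an empty list stands for NXDOMAIN."""
    if not answers:
        return "not-listed"
    if all(ipaddress.ip_address(a) in LISTED_NET for a in answers):
        return "listed"
    return "rewritten"  # a real address where only 127/8 or NXDOMAIN is valid

def resolver_is_trustworthy(resolve, zone):
    """RFC 5782 test points: 127.0.0.1 must not be listed, 127.0.0.2 must be."""
    negative = classify(resolve(query_name("127.0.0.1", zone)))
    positive = classify(resolve(query_name("127.0.0.2", zone)))
    return negative == "not-listed" and positive == "listed"

def check_sender(resolve, ip, zones):
    """Return zones listing ip, skipping zones the resolver answers falsely."""
    hits = []
    for zone in zones:
        if not resolver_is_trustworthy(resolve, zone):
            continue
        if classify(resolve(query_name(ip, zone))) == "listed":
            hits.append(zone)
    return hits

# Constructed sample data: placeholder zone, RFC 5737 documentation addresses.
ZONE_DATA = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],
    "7.2.0.192.dnsbl.example": ["127.0.0.4"],
}

def honest_resolver(name):
    return ZONE_DATA.get(name, [])

def rewriting_resolver(name):
    # Models a resolver that replaces NXDOMAIN with a search-page address.
    return ZONE_DATA.get(name, ["203.0.113.80"])

if __name__ == "__main__":
    for r in (honest_resolver, rewriting_resolver):
        print(r.__name__, check_sender(r, "192.0.2.7", ["dnsbl.example"]))
```

A consumer that treats any answer as a listing would flag every sender when run behind `rewriting_resolver`; the probe step skips the zone instead.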