RW wrote:
> On Fri, 3 Apr 2009 01:12:17 +0200 (CEST)
> "Benny Pedersen" <m...@junc.org> wrote:
>
>> On Fri, April 3, 2009 00:31, Mike Bostock wrote:
>>> Noted the stuff about OpenDNS being "not a proper DNS" and, as I
>>> have squid set up but not in use, I may just point squid at it
>>> and go back to using my ISP's DNS servers as forwarders.
>> bind works better without forwarders, it's a common error to believe isp
>> can handle more loads and cache, but no localhost rules
>
> Going through a forwarder cuts down the number of round trips, which
> can be a major speedup if you have poor latency. It can also insulate
> you, somewhat, from slow authoritative servers.
>
Maybe. But on the other hand, attackers need to target fewer servers.
For example, the impact of cache poisoning attacks is higher at sites
that forward for many clients...

I stopped using my ISP forwarder the day it told me my IP was listed on
Spamhaus. Be it a bug or a cache poison, I really don't care. And I
didn't notice any performance issues after I removed the forwarder.