LinuxSA Mailing list archives

  From: Alan Kennington <akenning@topology.org>
  To  : Daryl Tester <Daryl.Tester@iocane.com.au>
  Date: Thu, 10 May 2001 23:35:05 +0930

Re: odd behaviour of BIND 9.1

On Thu, May 10, 2001 at 10:42:08PM +0930, Daryl Tester wrote:
> Way behind on email ...
> 
> Alan Kennington wrote:
> 
> > dingo /usr/src> nslookup - ns1.telstra.net
> > Default Server:  ns1.telstra.net
> > Address:  203.50.0.24
> > 
> > > bigpond.com
> > Server:  ns1.telstra.net
> > Address:  203.50.0.24
> > 
> > *** ns1.telstra.net can't find bigpond.com: Non-existent host/domain
> 
> This won't work - Telstra no longer allow third parties to use
> their name servers as recursive resolvers (as of a few weeks ago).
> It's quite possible that you had stale entries in your bind server
> that were fouling things up for you.


Thanks, Daryl. That's very useful to know. It seems to match
up with the symptoms well enough.
(I seem to remember, though, that Telstra used to encourage
users to point their resolv.conf to their DNS servers.)

Supposing I wanted to have a "recursive resolver" out there
for one LAN which I don't have DNS on, can you recommend
which I might use?
Does it really annoy DNS server operators to have other
people sponging on their DNS bandwidth?

I once checked my own DNS bandwidth and was quite surprised
by how high it was. It serves about 16 domains, but I was
still surprised by the ratio of port 53 traffic to port 80 traffic.

So I imagine that anyone who actually paid for bandwidth by
the megabyte would not be thrilled to have other people
using their DNS server all the time.

If the worst comes to the worst, I'll turn on my DNS server
again in the LAN in question. But given the rate at which
exploitable bugs appear in BIND, it doesn't look like
you can leave the net and go on holiday in the bush for
very long, for fear that an exploit will be published while
you're away!

I think that the /etc/resolv.conf file list of DNS servers
is consulted always in the specified order, isn't it?
So if the first server works, the second one is not queried.
And that means that I could query my own unreliable server
(across the net from one LAN to another) as a primary choice,
and then have another DNS server as backup only.

Cheers,
Alan Kennington.

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
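
Added example, not part of the original message: a name server that stops serving third parties as a recursive resolver, as Daryl describes, shows it in the reply header, either with the REFUSED response code or by leaving the RA (recursion available) bit clear. The Python below classifies a reply on those two fields. The function names, `example.com`, `192.0.2.1` and the reply packets are constructed for illustration, and no network traffic is sent.

```python
import struct

# Header flag bits and response codes from RFC 1035 (REFUSED is rcode 5).
QR, RD, RA = 0x8000, 0x0100, 0x0080
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid):
    """DNS A/IN query with RD (recursion desired) set, as a stub resolver sends."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", 1, 1)

def classify(query, response):
    """Say what the server did with a recursive query, from the reply header alone."""
    if len(response) < 12:
        return "malformed"
    qid = struct.unpack("!H", query[:2])[0]
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & QR or rid != qid:
        return "not a reply to this query"
    code = flags & 0x000F
    rcode = RCODES.get(code, "RCODE%d" % code)
    if rcode == "REFUSED":
        return "refused"
    if not flags & RA:
        return "recursion not offered (%s, %d answers)" % (rcode, ancount)
    return "recursion offered (%s, %d answers)" % (rcode, ancount)

def constructed_reply(query, flags, answers=0):
    """Constructed sample reply: echo the question, optionally add one A record."""
    # Answer RR: compressed name pointer to offset 12, type A, class IN, TTL 300.
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    header = query[:2] + struct.pack("!HHHHH", flags, 1, answers, 0, 0)
    return header + query[12:] + rr * answers

if __name__ == "__main__":
    q = build_query("example.com", 0x2A2A)
    samples = [  # all three replies are constructed, not captured traffic
        ("serves recursion", constructed_reply(q, QR | RD | RA, 1)),
        ("answers without recursion", constructed_reply(q, QR | RD)),
        ("refuses outright", constructed_reply(q, QR | RD | 5)),
    ]
    for label, reply in samples:
        print(label, "->", classify(q, reply))
```

Run against replies captured from your own name server, queried from an outside address, this shows whether it still offers recursion to third parties.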

