[aklug] Now DNS discussion

From: Dee McKinney <deem@wdmfam.com>
Date: Tue Jan 29 2008 - 09:12:32 AKST

_____
From: Royce Williams [mailto:royce@alaska.net]
To: barsalou [mailto:barjunk@attglobal.net]
Cc: aklug@aklug.org
Sent: Tue, 29 Jan 2008 08:40:43 -0900
Subject: [aklug] Re: GCI DNS servers

barsalou wrote, on 1/29/2008 8:22 AM:
>> Some interesting references:
>>
>> 98% of DNS Queries at the Root Level are Unnecessary
>> http://www.sciencedaily.com/releases/2003/01/030124074245.htm
>>
>> Is Your Caching Resolver Polluting the Internet?
>> http://dns.measurement-factory.com/writings/wessels-netts2004-slides.pdf
>>
>> DNS Measurements at a Root Server
>> http://www.caida.org/outreach/papers/2001/DNSMeasRoot/dmr.pdf
>
> Royce, Have you used or are you using dnstop?
  
  Definitely. An excellent tool. I have noticed that leaving it
  running on some OSes can cause a bit of system load.
  
  I haven't used the other tools that the Measurement Factory guy
  mentions (DSC).
  
> Looks like an interesting tool. Where are the links to fix these
> problems? Maybe I missed it in the text?
  
  The recommendations that I found most helpful were in the article that
  I have yet to locate. :)
  
  In a general sense, using your ISP's servers should reduce load on the
  roots, and you also benefit from a significant shared cache. Auditing
  your zones with the dnstop '-l' option set to 3 or 4 (or more) and
  then switching to the query view depth (Alt-3, Alt-4, etc.) will
  reveal a lot about what queries you're making.
  
  royce@heffalump$ sudo dnstop -l 5 [interface name]
  
  Seeing a bunch of queries like this means that your resolver is trying
  to look up
  
  
  hostname 34
  hostname.mydefaultdomain.org 34
  anotherhost 23
  anotherhost.mydefaultdomain.org 23
  
  
  Seeing lots of bogus domains or un-fully-qualified hosts means that
  your internal servers are leaking requests for their siblings:
  
  wpad 113 0.6
  local 107 1.5
  mom 102 0.5
  belkin 24 0.3
  
  
  And the Measurement Factory guys have some built-in filters for bad
  queries:
  
  Available filters:
          unknown-tlds
          A-for-A
          rfc1918-ptr
  
  
  Royce
  
  -
    
Well, I think it would be nice if someone set up some root servers to test, and then folks with their own caching DNS could use them also. I run my own authoritative & caching DNS without issue. I also found both bind and djbdns to work well.

Cheers,
-Dee
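
Added example, not part of the original thread and not dnstop's own code: a Python sketch that sorts captured query names into the leak categories discussed above (un-fully-qualified hosts, plus the unknown-tlds, A-for-A and rfc1918-ptr filter names). The function names, the short TLD set and the sample queries are constructed for illustration, and the matching rules are a reading of what the filter names imply.

```python
import ipaddress
from collections import Counter

# Constructed subset; a real audit would load the full IANA TLD list.
KNOWN_TLDS = {"com", "net", "org", "edu", "gov", "arpa"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ptr_to_ip(name):
    """Return the IPv4 address encoded in an in-addr.arpa name, or None."""
    labels = name.split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None

def classify(qname, qtype):
    """Label one query: rfc1918-ptr, A-for-A, unqualified, unknown-tld or ok."""
    name = qname.rstrip(".").lower()
    if qtype == "PTR":
        ip = ptr_to_ip(name)
        if ip is not None and any(ip in net for net in RFC1918):
            return "rfc1918-ptr"      # reverse lookup for private address space
    if qtype == "A":
        try:
            ipaddress.IPv4Address(name)
            return "A-for-A"          # the "name" is already an IPv4 address
        except ValueError:
            pass
    labels = name.split(".")
    if len(labels) == 1:
        return "unqualified"          # bare host name leaking past the resolver
    if labels[-1] not in KNOWN_TLDS:
        return "unknown-tld"
    return "ok"

def audit(queries):
    """Count queries per category for a list of (qname, qtype) pairs."""
    return Counter(classify(q, t) for q, t in queries)

# Constructed sample input; the bare names echo the dnstop output quoted above.
SAMPLE = [("wpad", "A"), ("mom", "A"), ("belkin", "A"),
          ("printer.local", "A"), ("192.168.1.1", "A"),
          ("1.1.168.192.in-addr.arpa.", "PTR"),
          ("8.8.8.8.in-addr.arpa", "PTR"), ("www.example.org", "A")]

if __name__ == "__main__":
    for category, count in audit(SAMPLE).most_common():
        print(f"{category:12} {count}")
```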

Received on Tue Jan 29 09:03:05 2008

This archive was generated by hypermail 2.1.8 : Tue Jan 29 2008 - 09:03:05 AKST