discuss: who is responsible for the tldp.org domain name
Subject:
Re: [discuss] Re: who is responsible for the tldp.org domain name
From:
Rick Moen ####@####.####
Date:
7 Nov 2008 23:24:43 +0000
Message-Id: <20081107232347.GA5561@linuxmafia.com>
Quoting Jean-Daniel Dodin ####@####.####
> Rick Moen a écrit :
>
> > You've been consistently speaking of "br.tldp.org" as a subdomain. Do
> > you have any reason to think it is a subdomain? I have so far seen
> > none cited.
>
> well... my definition is the same as
> http://en.wikipedia.org/wiki/Subdomain
OK, then, _what is_ your reason for thinking that "br.tldp.org" is a
subdomain? From everything that I'm seeing, this appears to be an
error, and that FQDN is, instead, a simple host, pointed to by an "A"
record. Hosts and subdomains are entirely different things.
> > plus you're not having to pay someone
> > else to do it for you.
>
> it's free!
I believe you mean that it's bundled with your Gandi.net domain
registration. Not free. Just something you're already paying for, for
other reasons. However, even at that, the fact is that DNS services
from shared commercial hosts has a strong tendency to be poor and to
have severe security risks.
> > to your LAN gives you much better security _and_ much better network
> > performance.
>
> I have no network there
Actually, the less local network infrastructure you have (especially
outbound bandwidth), the more you'd likely benefit from (at least) a
recursive nameserver, often referred to as a caching nameserver. Why?
Because of the bandwidth it will save you on DNS lookups that would
otherwise have to constantly travel across your Internet link.
Here's a post I wrote about that, about a month or so ago:
To further clarify, server-end DNS is of two types: Either your server
is publishing DNS data, or it's not (and is merely fetching, providing,
and caching as necessary DNS data published elsewhere).
o Publishing DNS data is called running an "authoritative nameserver".
o Handing other folks' DNS data is called running a "recursive nameserver".
If you own a domain, you'll want to have it be served up by minimum two
authoritative nameservers operating on fixed IP addresses somewhere in
the world. (The RFC-recommended numbers are minimum three, maximum
seven.)
So, folks generally don't need to even consider operating authoritative
nameservice: Only domain owners do.
On the other hand, _everyone_ has reason to run a recursive (aka
"recursive-resolver") nameserver on the local LAN or local machine.
One reason: Not doing so throws away siginficant bandwidth and
performance on the traffic overhead and delays resulting from
unnecessary DNS-query transactions across your upstream link.
Another reason: Security. ISP nameservers tend to have extremely bad
security (and reliability, and performance).
The smaller your network operation, and the less bandwidth you have to
waste, the greater your advantage from a local recursive nameserver.
Yet, these are the exact people whose reaction to my suggestion is
inevitably "Oh, my computing's too small, simple, and slow to need a
nameserver. Besides, it's too difficult to do."
Here's how you turn on PowerDNS Recursor on Ubuntu:
$ sudo apt-get install pdns-recursor
That's it. PowerDNS Recursor is now running and will handle recursive
queries posed to it, and will cache that data, saving bandwidth on
repeat queries (which happen a great deal).
You _do_ need to set the local machine to send its queries there.
A *ix machine's DNS client library is configured via /etc/resolv.conf .
Edit that file to have this one "nameserver" line and no other
"nameserver" lines:
nameserver 127.0.0.1
You also need to make sure your DHCP client software (if any) doesn't
overwrite that namserver line. There are many ways to do this; the
least complex is to install the "resolvconf" package. (Just install it;
the DHCP client should then do The Right Thing.)
