Subject: Re: [discuss] Re: who is responsible for the tldp.org domain name
From: Rick Moen ####@####.####
Date: 7 Nov 2008 23:16:17 +0000
Message-Id: <20081107231518.GZ5561@linuxmafia.com>

Quoting Guylhem Aznar ####@####.####

> Bad idea. If it isn't broken, don't touch it. Admins are meant to be
> contacted ! The UNC DNS team is usually very responsive. Just ask
> them to change the IP br.tldp.org is pointing to, and voila.

I concur. Just say

"Dear hostmasters, please replace

    br IN A 200.140.247.68

...with...

    br IN A 1.2.3.4

...in the zonefile for tldp.org, at your earliest convenience. Thank you."

(Substituting the desired IP for 1.2.3.4.)

> I wouldn't consider using Gandi or any commercial DNS service.

Nor should, I would maintain, any moderately competent Linux user who
has a static IP. Please note: This is an observation I'm making about
people generally; it doesn't have much to do with LDP.

(Even people on broadband or dialup with dynamic IP will benefit from
doing _recursive_ DNS locally. In fact, they especially benefit from
doing so, more than others.)

> If it's done in-house, yes. But the overhead of managing our own DNS
> servers on gabber is hardly justified IMHO.

Truth to tell, running secondary (slave) nameservice requires really
zero administration and maintenance. You just define the zone, and it
automatically tracks what the master does. There's nothing to
administer.

However, if "gabber" is in the same network as UNC's nameservers, it'd
be pretty foolish to use it as an additional secondary, as it is subject
to the same single points of failure, and thus adds no real redundancy.

I keep having to re-learn: People who don't understand DNS tend to have
a lot of very peculiar opinions about it!

Subject: Re: [discuss] Re: who is responsible for the tldp.org domain name
From: Rick Moen ####@####.####
Date: 7 Nov 2008 23:24:43 +0000
Message-Id: <20081107232347.GA5561@linuxmafia.com>

Quoting Jean-Daniel Dodin ####@####.####

> Rick Moen wrote:
>
> > You've been consistently speaking of "br.tldp.org" as a subdomain. Do
> > you have any reason to think it is a subdomain? I have so far seen
> > none cited.
>
> well... my definition is the same as
> http://en.wikipedia.org/wiki/Subdomain

OK, then, _what is_ your reason for thinking that "br.tldp.org" is a
subdomain? From everything that I'm seeing, this appears to be an error,
and that FQDN is, instead, a simple host, pointed to by an "A" record.

Hosts and subdomains are entirely different things.

> > plus you're not having to pay someone
> > else to do it for you.
>
> it's free!

I believe you mean that it's bundled with your Gandi.net domain
registration. Not free. Just something you're already paying for, for
other reasons.

However, even at that, the fact is that DNS services from shared
commercial hosts have a strong tendency to be poor and to have severe
security risks.

> > to your LAN gives you much better security _and_ much better network
> > performance.
>
> I have no network there

Actually, the less local network infrastructure you have (especially
outbound bandwidth), the more you'd likely benefit from (at least) a
recursive nameserver, often referred to as a caching nameserver. Why?
Because of the bandwidth it will save you on DNS lookups that would
otherwise have to constantly travel across your Internet link.

Here's a post I wrote about that, about a month or so ago:

To further clarify, server-end DNS is of two types: Either your server
is publishing DNS data, or it's not (and is merely fetching, providing,
and caching as necessary DNS data published elsewhere).

o Publishing DNS data is called running an "authoritative nameserver".
o Handing other folks' DNS data is called running a "recursive
  nameserver".

If you own a domain, you'll want to have it be served up by minimum two
authoritative nameservers operating on fixed IP addresses somewhere in
the world. (The RFC-recommended numbers are minimum three, maximum
seven.) So, folks generally don't need to even consider operating
authoritative nameservice: Only domain owners do.

On the other hand, _everyone_ has reason to run a recursive (aka
"recursive-resolver") nameserver on the local LAN or local machine.
One reason: Not doing so throws away significant bandwidth and
performance on the traffic overhead and delays resulting from
unnecessary DNS-query transactions across your upstream link. Another
reason: Security. ISP nameservers tend to have extremely bad security
(and reliability, and performance).

The smaller your network operation, and the less bandwidth you have to
waste, the greater your advantage from a local recursive nameserver.
Yet, these are the exact people whose reaction to my suggestion is
inevitably "Oh, my computing's too small, simple, and slow to need a
nameserver. Besides, it's too difficult to do."

Here's how you turn on PowerDNS Recursor on Ubuntu:

    $ sudo apt-get install pdns-recursor

That's it. PowerDNS Recursor is now running and will handle recursive
queries posed to it, and will cache that data, saving bandwidth on
repeat queries (which happen a great deal).

You _do_ need to set the local machine to send its queries there. A
*ix machine's DNS client library is configured via /etc/resolv.conf .
Edit that file to have this one "nameserver" line and no other
"nameserver" lines:

    nameserver 127.0.0.1

You also need to make sure your DHCP client software (if any) doesn't
overwrite that nameserver line. There are many ways to do this; the
least complex is to install the "resolvconf" package. (Just install it;
the DHCP client should then do The Right Thing.)
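
Added example, not part of the original message: a shell check for the state the message above asks for, namely a resolv.conf with one "nameserver" line set to 127.0.0.1 and no other resolver written in by a DHCP client. The function names, return codes and sample files are assumptions made for this example; 192.0.2.53 is a documentation address.

```shell
#!/bin/sh
# Added example (not from the original message): audit a resolv.conf-style
# file for one "nameserver" line that points at 127.0.0.1.
# Function names and return codes are assumptions made for this example.

# list_nameservers FILE: print the address of every active "nameserver" entry.
# Comment lines (starting with # or ;) never have "nameserver" as field 1.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# check_resolv_conf FILE
#   0 = exactly one nameserver line, and it is 127.0.0.1
#   1 = no nameserver line present
#   2 = another resolver is listed (e.g. a DHCP client rewrote the file)
#   3 = file missing or unreadable
check_resolv_conf() {
    [ -r "$1" ] || return 3
    case "$(list_nameservers "$1")" in
        "")        return 1 ;;
        127.0.0.1) return 0 ;;
        *)         return 2 ;;
    esac
}

# Constructed sample files; 192.0.2.53 is a documentation address.
make_samples() {
    printf '# local recursor\nnameserver 127.0.0.1\n'       > "$1/ok.conf"
    printf 'search example.net\nnameserver 192.0.2.53\n'    > "$1/dhcp.conf"
    printf 'nameserver 127.0.0.1\nnameserver 192.0.2.53\n'  > "$1/mixed.conf"
    printf '#nameserver 127.0.0.1\n'                        > "$1/empty.conf"
}

dir=$(mktemp -d)
make_samples "$dir"
for f in ok dhcp mixed empty; do
    rc=0
    check_resolv_conf "$dir/$f.conf" || rc=$?
    echo "$f.conf: status $rc, nameservers: $(list_nameservers "$dir/$f.conf" | tr '\n' ' ')"
done
rm -rf "$dir"
```

Pointing check_resolv_conf at /etc/resolv.conf after a DHCP lease renewal shows whether the 127.0.0.1 line survived.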