I made some major changes to my resolving nameserver.
Instead of doing recursive queries for trusted IP addresses, I switched to using the two DNS servers provided by my upstream ISP as forwarders. The added syntax in /var/named/chroot/etc/named.conf is as follows:
options {
    directory "/var/named";
    forwarders { 1.2.3.4; 2.3.4.5; };
    forward only;
};
Do I need to worry that, if one forwarder fails, queries will hang until they time out? The answer is no. One beauty of BIND 9 is that forwarders are not selected in the order listed or in a cyclic manner. Instead, the nameserver selects which forwarder to query first based on round-trip response time. If one forwarder fails, the nameserver will select the remaining working one.
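The selection behaviour described above can be seen in a small simulation. This is an added example, not BIND's code and not from the original post: it is a simplified model of smoothed round-trip-time selection, and the constants `ALPHA`, `TIMEOUT_MS` and `DECAY`, the class `ForwarderPool` and the latencies are assumptions chosen for illustration.

```python
# Simplified model of RTT-based forwarder selection (illustrative only).
ALPHA = 0.3        # weight of the newest sample in the smoothed RTT (assumed)
TIMEOUT_MS = 800   # sample recorded when a forwarder does not answer (assumed)
DECAY = 0.98       # aging of untried forwarders so they get re-probed (assumed)

class ForwarderPool:
    def __init__(self, addrs):
        # Unknown forwarders start at 0 so each one is tried at least once.
        self.srtt = {a: 0.0 for a in addrs}

    def order(self):
        # Lowest smoothed RTT first; ties keep configuration order.
        return sorted(self.srtt, key=lambda a: self.srtt[a])

    def _update(self, addr, sample):
        old = self.srtt[addr]
        self.srtt[addr] = sample if old == 0 else (1 - ALPHA) * old + ALPHA * sample

    def resolve(self, probe):
        """probe(addr) returns an RTT in ms, or None on timeout.
        Returns (forwarder that answered or None, forwarders tried in order)."""
        tried, answered = [], None
        for addr in self.order():
            tried.append(addr)
            rtt = probe(addr)
            if rtt is None:
                self._update(addr, TIMEOUT_MS)   # penalise, then fall through
                continue
            self._update(addr, rtt)
            answered = addr
            break
        for addr in self.srtt:
            if addr not in tried:
                self.srtt[addr] *= DECAY          # let idle forwarders recover
        return answered, tried

def simulate():
    rtt = {"1.2.3.4": 20.0, "2.3.4.5": 35.0}      # constructed latencies
    down = set()
    probe = lambda a: None if a in down else rtt[a]
    pool = ForwarderPool(rtt)
    log = [pool.resolve(probe) for _ in range(5)]  # both forwarders healthy
    down.add("1.2.3.4")                            # faster forwarder fails
    log += [pool.resolve(probe) for _ in range(3)]
    return log

if __name__ == "__main__":
    for n, (answered, tried) in enumerate(simulate(), 1):
        print(f"query {n}: tried {tried}, answered by {answered}")
```

In this model only the first query after the failure pays the timeout; later queries go straight to the working forwarder until the failed one's aged score drops low enough to be probed again.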