Re: bind 8.2.1 on squid box

From: Henrik Nordstrom <[email protected]>
Date: Fri, 02 Jul 1999 07:45:14 +0200

At 21:04 30/06/99 -0700, Jorg B. wrote:
>I installed bind 8.2.1 as a "no authoritative" dns server on our
>transparent squid caching server. Before I installed bind on
>the squid box it was using a DNS server on the same network.
>I noticed that the "avg service time" went up,
>from 1 msec to 7 msec. Why is the "avg service time" now slower....

You probably haven't configured your caching DNS server to use your main
DNS as a forwarder. This is especially important in a transparent
caching environment: If you don't use a forwarder to the same DNS as
your clients use (either directly, or by a forwarder rule) then your
caching DNS will need to go out on the internet to resolve the address
again rather than using the cached result from the clients' lookup.

Recommended DNS setup for most medium sized environments is to have one
outgoing DNS server, and all other DNS servers in the network configured
to use the outgoing server as a forwarder. This way you have a central
DNS cache which all parts of your network may benefit from, and local
caches where needed to offload the central DNS server or reduce latency
on slow WAN links. Note that the same basic principles apply to DNS
caching as Web caching, you need a couple of clients using the same data
to be effective.

About the only exception to the above is if your main DNS server is
overloaded and introduces a lot of overhead latency, but the recommended
action is to fix the main DNS performance rather than stop using it as a
forwarder. One other exception is in "firewalled" setups where clients
are forced to use the proxy. Then the locality of Squid DNS data may
differ a lot from your main DNS data and not much is gained from joining
the two sets.

There is not much gained from using a caching DNS server for Squid if
your other DNS is local on the same LAN. You will at best win a small
amount of network latency on Squid's refreshes of its internal DNS
cache.

--
Henrik Nordstrom
Spare time Squid hacker
Received on Thu Jul 01 1999 - 23:55:35 MDT
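
Added example, not part of the original message: a caching-only named.conf for the Squid box that uses the main DNS server as a forwarder, as the reply above recommends. The address 192.0.2.53 is a placeholder for the main DNS server; the file paths and the loopback-only restrictions are assumptions.

```conf
// named.conf for a caching-only BIND 8 on the Squid box (constructed example)
options {
    directory "/var/named";        // assumed working directory

    // Hand every query the local cache cannot answer to the main DNS
    // server, the same one the clients use, so its cached results are
    // reused. 192.0.2.53 is a placeholder address.
    forwarders { 192.0.2.53; };

    // "first": ask the forwarder, fall back to resolving from the root
    // servers only if it does not answer. "only" would never fall back.
    forward first;

    // Assumption: Squid on this host is the only consumer of the cache,
    // so the server neither listens on nor answers for the network.
    listen-on { 127.0.0.1; };
    allow-query { 127.0.0.1; };
};

// Root hints, consulted only when "forward first" falls back.
zone "." {
    type hint;
    file "named.ca";               // assumed file name
};
```

For Squid to use this cache, the host's /etc/resolv.conf has to list `nameserver 127.0.0.1`.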
