<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Yes, I understand that, thats why it (should) get jailed when its
exposed to the Internet. <br>
<br>
A caching DNS server for your LAN doesn't need to accept connections
from the net. What are the risks if you take an old desktop machine
with no data on it, running behind the firewall providing DNS only to
those behind the firewall. Its only interaction with the outside world
is getting DNS information. I guess it could get corrupt information,
but only for the domains the corrupt DNS server is authoritative for.<br>
<br>
I checked the lookup times using dig and I'm looking at about 14-15ms
locally or 45-55 using my ISP on cached lookups. On a complicated page
I think its worth the trouble. Your inhouse caching DNS server is
certain to be lighter loaded than your ISP's.<br>
<br>
Collin wrote:
<blockquote cite="mid4429463F.9030503@kkmfg.com" type="cite">
<pre wrap="">Well, there is always the squeamishness that people feel toward running
something with such a long history of security snafu's (BIND). Granted,
the situation may be better today but it's still just one more vector
for intrusion.
I don't run a caching DNS server at my workplace but we're on a T-1 line
and the response time from our provider's DNS server is plenty fast.
David Pembrook wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Why anyone with a small lan and a spare computer wouldn't run dns is
beyond me given the benefits.
Dave
john-thomas richards wrote:
</pre>
</blockquote>
<pre wrap=""><!---->
_______________________________________________
grlug mailing list
<a class="moz-txt-link-abbreviated" href="mailto:grlug@grandrapids-lug.org">grlug@grandrapids-lug.org</a>
<a class="moz-txt-link-freetext" href="http://grlug.org/mailman/listinfo/grlug">http://grlug.org/mailman/listinfo/grlug</a>
</pre>
</blockquote>
</body>
</html>