Autor: Simon Hobson Data: Para: dng Assunto: Re: [DNG] how to clear DNS cache
Rick Moen <rick@???> wrote:
> It should be noted that many programs presume to cache DNS, e.g., Web
> browsers do, as does the Java runtime.
Indeed.
Not only that, but many cache content as well - browser caching can be a real PITA when it caches "the wrong thing", and especially with "clever" browsers that try and be "helpful".
Rick Moen <rick@???> wrote:
> My modest suggestion is that it's in Linux users' interest to not outsource recursive service to anyone at all. Having the necessary recursive nameservice be on one of one's own local machines improves network performance, reliability, and security, IMO.
Yes, on ONE of your own machines.
But not on each machine as some suggest. If you run a recursive resolver on each machine, then you end up duplicating a lot of traffic - ie each resolver has to separately resolve all the glue from the root down to the required zone. Running ONE recursive server on your network means that this traffic is shared (and cached) between all clients on the network. Using an external resolver (especially a well used one) means that this caching is even more effective at reducing overall load on the DNS system - and requires just one request/answer exchange between client and resolver for each name.
Hendrik Boom <hendrik@???> wrote:
> One of these days I'll probably get around to installing my own
> recursive DNS server, just to find out how that's done.
That's a good enough reason to do it :-)
> It's a mystery to me why most home Windows and Mac systems don't have
> their own built in.
Because for the majority of users, there's no reason to - and good reasons not to (as mentioned above)
> It does seem to be a tradition for dhcp to tell clients what DNS
> service to use.
Not just tradition, it's more or less required.
> Could it be that coffee shops get suspicious about
> the use of stray DNS servers and block them?
It's possible, for one thing, a lot of "content filtering" is done at the DNS level - ie by blocking access to dns names known to be associated with "stuff we don't want people accessing via our network".