
For the sake of "completeness", I put up the following.......

As an experiment I issued the command "pdnsd-ctl empty-cache", this clears pdnsd's cache and resets any local rules. Interestingly, this cured the problem. It also sped up the internet access a good bit. I believe given what has happened that this would be worthwhile to do say on a yearly basis.

When I first installed pdnsd, I remember the time reduction accessing almost all web pages was very much reduced. I felt over time that this reduction appeared to largely disappear. I assumed it did not have as much effect on the 3g broadband, this assumption does not appear to be correct. It seems the longer pdnsd runs the more bogged down it gets, or possibly the more rubbish entries end up in the cache.

It's nice to know my initial diagnosis of a name server problem was correct.

Lindsay

Quoting zlinw@mcmedia.com.au (zlinw@mcmedia.com.au):
> It's nice to know my initial diagnosis of a name server problem was correct.

If you're looking for a really fast, well behaved recursive-only DNS nameserver, look no further than Unbound. (I'm a big fan of it and its authoritative-only sibling NSD. My experience with PowerDNS Recursor and PowerDNS Authoritative Server has been a little more mixed.)

On Fri, Nov 08, 2013 at 09:01:52PM -0800, Rick Moen wrote:
> Quoting zlinw@mcmedia.com.au (zlinw@mcmedia.com.au):
> > It's nice to know my initial diagnosis of a name server problem was correct.
>
> If you're looking for a really fast, well behaved recursive-only DNS nameserver, look no further than Unbound. (I'm a big fan of it and its authoritative-only sibling NSD. My experience with PowerDNS Recursor and PowerDNS Authoritative Server has been a little more mixed.)

yep, for a recursive-only nameserver, unbound is great.

it's been years since I used them, but both maradns and dnsmasq do a reasonable job too (dnsmasq can also do dhcp and tftp).

i can't remember if unbound can do this or not, but both dnsmasq and maradns can also do some authoritative DNS - not as good as bind, but good enough for maintaining local hostname entries.

powerdns just seems like massive overkill for a tiny little internet gateway box. it's designed for very large ISP and DNS service providers, with a need for great flexibility in where DNS data is sourced (e.g. flat files, databases, whatever) and huge numbers of domains.

short descs from debian packages:

bind9 - Internet Domain Name Server
dnsmasq - Small caching DNS proxy and DHCP/TFTP server
maradns - simple security-focused Domain Name Service server
pdns-server - extremely powerful and versatile nameserver
unbound - validating, recursive, caching DNS resolver

craig

PS: i personally use bind9 but only because it's the only thing that conveniently does both authoritative and recursive DNS in the one program - and my auth dns MUST be on my gateway box's IP address of 203.16.167.1. i need both auth & recursive and don't want to run two nameservers.

if i didn't host the DNS for my own domains myself, i'd probably run unbound or dnsmasq.

--
craig sanders <cas@taz.net.au>

Quoting Craig Sanders (cas@taz.net.au):
> it's been years since I used them, but both maradns and dnsmasq do a reasonable job too (dnsmasq can also do dhcp and tftp).
>
> i can't remember if unbound can do this or not, but both dnsmasq and maradns can also do some authoritative DNS - not as good as bind, but good enough for maintaining local hostname entries.

Unbound does not do local-only authoritative service the way Dnsmasq and MaraDNS do, just recursive service. OTOH, Dnsmasq is only a forwarder, with no recursive abilities. (But Dnsmasq referring queries to a recursive server such as Unbound would give you the best of both worlds.)

MaraDNS continues to be a good option, especially now that Sam Trenholme has rewritten the recursor from scratch and dropped in the replacement 'Deadwood' recursor codebase instead of his original, somewhat problematic design. And yes, it does do local authoritative zones. (Fair disclosure: Sam is a friend of mine.)

> powerdns just seems like massive overkill for a tiny little internet gateway box. it's designed for very large ISP and DNS service providers, with a need for great flexibility in where DNS data is sourced (e.g. flat files, databases, whatever) and huge numbers of domains.

Yeah, we use it at $DAYJOB.

FYI, 'DNS Servers' on http://linuxmafia.com/kb/Network_Other has my bestiary of all known DNS software available for Linux. I specify the capabilities of each, e.g. recursive, authoritative, forwarder.

> PS: i personally use bind9 but only because it's the only thing that conveniently does both authoritative and recursive DNS in the one program - and my auth dns MUST be on my gateway box's IP address of 203.16.167.1. i need both auth & recursive and don't want to run two nameservers.

Yeah, I have the same problem. FWIW, one standard setup for PowerDNS involves running the authoritative server and the recursive server on the same host with the recursive server bound only to loopback on a high-numbered port. The authoritative server answers directly any queries in its bailiwick but forwards to the local recursive server any that aren't.

It turns out, one can run nsd bound to a high-numbered port and forward queries from Unbound to it, like this in unbound.conf:

    stub-zone:
        name: "mdylocalnet.com"
        stub-addr: 127.0.0.1@53530

See:
https://wiki.archlinux.org/index.php/Nsd
https://wiki.archlinux.org/index.php/Unbound
https://calomel.org/unbound_dns.html

The other way around the problem of separate recursive and authoritative servers on the same host both needing to bind to 53/tcp is IP aliasing, which might be cleaner and less of a headache, dunno. One way or the other, I'm going to do such a thing next rebuild and finally lose BIND9.
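
Added example (not part of the messages above, and not the posters' own configuration): a fuller sketch of the Unbound-in-front-of-NSD layout described in the last message, reusing its zone name and port. The LAN addresses, the zone file name and the choice of which options to set are assumptions made for illustration.

```conf
# --- unbound.conf: recursor on port 53 (addresses are constructed placeholders) ---
server:
    interface: 127.0.0.1
    interface: 192.168.1.1             # LAN-facing address (assumed)
    port: 53
    # Recursion only for known clients; everything else is refused,
    # so the gateway does not act as an open resolver.
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
    # By default Unbound will not send queries to localhost; the stub
    # below points at 127.0.0.1, so that protection has to be disabled.
    do-not-query-localhost: no
    # Only needed when DNSSEC validation is enabled and the local zone
    # is unsigned; otherwise its answers may be treated as bogus.
    domain-insecure: "mdylocalnet.com"

stub-zone:
    name: "mdylocalnet.com"
    stub-addr: 127.0.0.1@53530

# --- nsd.conf: authoritative server on loopback only, high port ---
server:
    ip-address: 127.0.0.1
    port: 53530

zone:
    name: "mdylocalnet.com"
    zonefile: "mdylocalnet.com.zone"   # file name assumed
```

Running `unbound-checkconf` and `nsd-checkconf nsd.conf` catches syntax errors in either file before the daemons are restarted.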