Old 04-02-2007, 11:39 AM   #1
explorer1979
Member
 
Registered: Aug 2001
Location: Hong Kong, China
Distribution: CentOS, Red Hat, Mandrake, Debian
Posts: 88

Rep: Reputation: 15
How to make DNS Server work with intranet with web site on Ubuntu Server?


Hi all,

I want to set up a test environment for web development, so I downloaded Ubuntu Server 6.10 and installed it on an old PC.

I have set up Apache fine....

But on the intranet, something does not work for me.

I am using a Netgear WNR854T as the broadband router. All computers use static IPs in 192.168.218.x, and every computer's DNS is set to the ISP's DNS ....

In my environment, here are the settings:

PC A (Development Workstation)
IP: 192.168.218.61
Subnet mask: 255.255.255.0
Gateway: 192.168.218.1
DNS1: 218.102.66.71 (I want to change this to 192.168.218.121 and still be able to resolve domain names)

Linux Server (full name is linux.testserver.org)
IP 192.168.218.121
Subnet mask: 255.255.255.0
Gateway: 192.168.218.1
DNS: 192.168.218.121


The big problem appears when I change the DNS value on my workstation from the ISP one to the Ubuntu one, i.e. from 218.102.66.71 to 192.168.218.121 (the intranet Linux server's DNS IP).

When I try nslookup on my workstation and on the Linux server, it times out and cannot resolve any domain name, on both the Linux server itself and the client, but when using the ISP's DNS server, the Linux server can resolve domain names ....

The router's gateway is 192.168.218.1, and the Ubuntu Server IP settings are as follows.

in /etc/resolv.conf
search testserver.org
nameserver 192.168.218.121
nameserver 192.168.218.1
-----------------------------------------------

in /etc/bind/named.conf

zone "testserver.org" {
type master;
file "/etc/bind/zone.testserver.org";
};
--------------------------------------------------------------

in /etc/bind/zone.testserver.org
$TTL 3600
@ IN SOA linux.testserver.org. root.localhost. (
1 ; Serial
3600 ; Refresh
86400 ; Retry
2419200 ; Expire
86400 ) ; Negative Cache TTL
;
@ IN NS linux.testserver.org.
@ IN A 192.168.218.121
www IN A 192.168.218.121
ftp IN A 192.168.218.121

That is all. How do I set up the Ubuntu DNS server to work on my intranet? If it does not work, I cannot make a test environment to develop the web site by entering this type of domain name ...

www.microsofttest01.com, etc ....

It just times out when my workstation changes from using the ISP's DNS to the Linux server one.

Thx for your time.
 
Old 04-02-2007, 12:42 PM   #2
ramram29
Member
 
Registered: Jul 2003
Location: Miami, Florida, USA
Distribution: Debian
Posts: 848
Blog Entries: 1

Rep: Reputation: 47
You need to add to /etc/named.conf:

forwarders { 218.102.66.71; };
 
Old 04-02-2007, 07:56 PM   #3
explorer1979
Member
 
Registered: Aug 2001
Location: Hong Kong, China
Distribution: CentOS, Red Hat, Mandrake, Debian
Posts: 88

Original Poster
Rep: Reputation: 15
ramram29,

Thank you very much, it works.

But why does adding this line make it work??

Doesn't the default setting automatically find the root DNS servers?
 
Old 04-03-2007, 11:36 AM   #4
ramram29
Member
 
Registered: Jul 2003
Location: Miami, Florida, USA
Distribution: Debian
Posts: 848
Blog Entries: 1

Rep: Reputation: 47
The forwarders are the DNS servers of your ISP. It is faster to do it this way.
 
Old 04-03-2007, 07:53 PM   #5
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
Quote:
The forwarders are the DNS servers of your ISP. It is faster to do it this way.
That is wrong. The fastest resolution is if you don't waste time asking your ISP for the addresses, the fastest is to build a cache server that directly queries the roots and/or top level domain servers.

Asking your ISP's servers just adds an extra step that is unnecessary. Then if they don't know, they have to go to the root then top-level then get directed to the authoritative server, then it responds to the ISP server, which forwards finally to you. When you build your own cacher, it goes direct to the roots, then top-level, then to the authoritative, and they reply and you're done. It cuts out one hop going down the chain, and another coming back up.

Peace,
JimBass
 
Old 04-04-2007, 07:49 AM   #6
ramram29
Member
 
Registered: Jul 2003
Location: Miami, Florida, USA
Distribution: Debian
Posts: 848
Blog Entries: 1

Rep: Reputation: 47
Quote:
Originally Posted by JimBass
That is wrong. The fastest resolution is if you don't waste time asking your ISP for the addresses, the fastest is to build a cache server that directly queries the roots and/or top level domain servers.

Asking your ISP's servers just adds an extra step that is unnecessary. Then if they don't know, they have to go to the root then top-level then get directed to the authoritative server, then it responds to the ISP server, which forwards finally to you. When you build your own cacher, it goes direct to the roots, then top-level, then to the authoritative, and they reply and you're done. It cuts out one hop going down the chain, and another coming back up.

Peace,
JimBass
I don't think it is wrong, like you said. Building a server that directly queries the root servers may or may not be the best solution. It depends on your ISP and how many hops your server will take to get to the root servers and how fast your connection is, etc...

I totally disagree with you. DNS should be configured to have a trickle-down effect to resolve queries from bigger to smaller servers. It makes sense to resolve through a server with a superfast OC connection rather than querying the root servers with your puny T1 connection. It also makes a lot more sense to use your ISP, since you have to go through their network to get to the root servers anyways. By not using your ISP's DNS servers all you are doing is causing more congestion.

ISPs usually have DNS servers with mega huge caches, so why go directly to the root servers? That may actually slow you down. Not only that; you, together with others, may be contributing to slowing down everybody else on the Internet. As a matter of fact, misconfigured DNS servers are one of the main causes of unnecessary reduction of speed on the Internet, together with SPAM, etc...
 
Old 04-04-2007, 10:50 AM   #7
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
It depends on what you're looking up. If your queries are primarily yahoo and google, then yes, your ISP's resolver will have them cached most of the time. The size of their cache however has nothing to do with the question at hand. What determines how long an answer is valid for is the authoritative DNS for the domain. Google.com for example, gives a total time to live (TTL) of 300 seconds. That is very short, but to keep the load off the roots, they make the google nameservers have a TTL of 172800, which is 2 days. No ISP or anyone else can keep the answer for google longer than 300 seconds, but with the 2 day window on their nameservers, when it has been 300 seconds since my last request for google, I can go back to their nameservers without asking the root/tld servers, and get another 300 second answer. Of course, 2 full days after my initial request, I have to traverse the entire chain from root up to google's nameservers, and again, I'll have 2 days before that needs to be done again.

Another reason not to use your ISP's nameservers is they attempt to twist your arm into visiting their sites. I have an Earthlink cable modem at home, and they like to start my resolv.conf off with the beautiful "search earthlink.net" line. So if I lookup google instead of google.com, I'll look for google.earthlink.net, which gives my ISP more traffic, and they can "help" me find what I was looking for, showing me ads in the process. When I mistype, I just want the failure, not the tour of their search engine capabilities.

The misconfiguration of DNS servers you speak of is a very real problem, but not so much in the way you imply, real queries from small servers. The problem is when people just put a caching server on the net, authoritative for nothing. The problem with that is all the machines behind it asking for PTR records on the domain 192.168.1.X. All Windows machines, for example, ask for the PTR record of their gateway. So everybody on a Linksys router (default 192.168.1.1) will ask their DNS for the PTR of 192.168.1.1. If the DNS they ask is purely a cacher, and doesn't return any authoritative records, it will forward a query all the way to the roots for an address (192.168.Y.Z) that the roots couldn't possibly know the answer to. The amount of this traffic is HUGE. Most ISPs put some type of block in place for PTR requests at all the private addresses, 192.168, 172.16, 169.254, 10., etc, and all the variations of those, but poorly set up DNS boxes (there are many) still forward unanswerable requests to the roots. I saw statistics on this once, and it is an obscene amount of traffic.

In regard to what I said earlier, if your lookups are of an unpopular domain (say, something you own, that nobody else is likely to know), it again is faster if you go direct to the root, as your ISP is unlikely to have it cached.

Your contention that the speed of the connection has something to do with how quickly it is answered is a true/false kind of thing. Yes, a faster connection should get you an answer more quickly, but you're talking about such a tiny amount of data. Usually DNS answers are less than 512 bytes. Even on a phone modem, that is a tiny amount of data. Yes, an OC3 connection might get you an answer in 20 ms, whereas my cable modem will take 50 ms, but to human perception, you won't see a difference.

Peace,
JimBass
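
Added example, not part of any post in this thread: one way to see the private-address PTR lookups described in post #7 is to scan the resolver's query log for reverse names that fall inside 192.168, 172.16, 169.254 or 10. The log lines below are constructed in the style of a BIND query log, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Ranges named in the post: public DNS cannot answer reverse lookups for these.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Client address, query name and query type from a BIND-querylog-style line.
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<client>[0-9a-fA-F.:]+)#\d+.*?"
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)")

def ptr_name_to_ip(qname):
    """Map '1.218.168.192.in-addr.arpa' to IPv4Address('192.168.218.1'), else None."""
    name = qname.rstrip(".").lower()
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[:-len(suffix)].split(".")
    if len(labels) != 4:  # only full host lookups, not partial reverse names
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    except ValueError:
        return None

def private_ptr_queries(lines):
    """Count PTR queries for private addresses, keyed by (client, address)."""
    hits = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m or m.group("qtype") != "PTR":
            continue
        ip = ptr_name_to_ip(m.group("qname"))
        if ip is not None and any(ip in net for net in PRIVATE_NETS):
            hits[(m.group("client"), str(ip))] += 1
    return hits

# Constructed sample lines (not taken from the thread's server).
SAMPLE_LOG = [
    "02-Apr-2007 11:40:01.123 client 192.168.218.61#1045: query: 1.218.168.192.in-addr.arpa IN PTR +",
    "02-Apr-2007 11:40:02.456 client 192.168.218.61#1046: query: www.testserver.org IN A +",
    "02-Apr-2007 11:40:03.789 client 192.168.218.62#1101: query: 1.218.168.192.in-addr.arpa IN PTR +",
    "02-Apr-2007 11:40:04.012 client 192.168.218.61#1047: query: 1.218.168.192.in-addr.arpa IN PTR +",
    "02-Apr-2007 11:40:05.345 client 192.168.218.61#1048: query: 71.66.102.218.in-addr.arpa IN PTR +",
]

if __name__ == "__main__":
    for (client, ip), n in sorted(private_ptr_queries(SAMPLE_LOG).items()):
        print(f"{client} asked {n}x for PTR of {ip}")
```

Any client that shows up in the result is sending reverse lookups that only a locally authoritative zone (on this network, 218.168.192.in-addr.arpa) can answer.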
 
  

