DNS

Improving DNS performance for recursive/cache-only queries to Internet

J5Leave a comment

how_dns_works.pngBIND servers will typically ship with a factory-default hint zone like this:

zone "." {
 type hint;
 file "db.root";
};

You’ll see this db.root file contains a static list of the 13 root servers.  It gets the job done, but since recursive queries always go out to the root servers, it’s not ideal.

dns_to_root_servers

A better solution: download the complete database from the root servers themselves:

zone "." {
 type slave;
 masters {
  198.41.0.4;
  192.228.79.201;
  192.33.4.12;
  199.7.91.13;
 };
 file "root.cache";
};

This file is roughly 2 MB and will take a few seconds to transfer, but helps deliver much more consistent lookup times since it hits the TLD servers directly without first bouncing off the root servers.  Note the significantly lower standard deviation below:

dns_to_tld_servers

As an added bonus, it will be resilient should the root servers ever come under DDoS.

 

 

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s