On 9 Dec 2010, in the Usenet newsgroup comp.os.linux.networking, in article
>> Unfortunately those dns ips do not work as expected most of
>> the times. Everybody seems to use dhcp.
Please understand that DNS works by believing the first answer it
receives from a name server. If you list three, two of which are
"real" DNS servers out on the Internet, and the third being something
local like your router, the kernel resolver code will ask each in
turn. If you ask about a real Internet hostname such as 'google.com',
all three servers should return "useful" data, and your system will
believe the first answer it receives. If you ask a real server
about a local hostname that only your local name server knows about,
the real server will reply
0/1/0 www.funky.name NXDOMAIN
which says 'www.funky.name' doesn't exist - and your resolver now
has an answer and the game is over. ANY NAME SERVER YOU USE MUST
BE ABLE TO RESOLVE ALL NAMES.
>You are not restricted to using _just_ your ISP's dns servers.
True, but some name server administrators configure their name
servers to either not respond to "outsider" requests for "outside"
names, or have it respond with an NXDOMAIN which may be worse for you.
>You can set 3 (or more?) _diverse_ dns servers in /etc/resolv.conf
man 5 resolver and read the section on 'nameserver' directives.
Most kernels are compiled with MAXNS set to '3' in /usr/include/resolv.h,
and additional 'nameserver' lines are ignored.
>I purposely do _not_ use my ISP's dns servers, and I use one
>dns server from each of three different internet 'biggies'.
I find it more reliable to run my own full recursive name servers.
To prevent abuse from outside, I merely block inbound packets to 53/udp
and 53/tcp. That way, my internal systems can resolve internal AND
external names from the same server.
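
Added example, not part of the original post: a small Python model of the two behaviours described above, the MAXNS cutoff on 'nameserver' lines and a lookup that ends at the first reply, NXDOMAIN included. The server addresses and the zone table are constructed sample data; only 'www.funky.name', 'google.com' and the MAXNS value of 3 come from the post.

```python
MAXNS = 3  # limit the post cites from /usr/include/resolv.h

# Constructed sample: two public servers, the local router, and one extra line.
SAMPLE_RESOLV_CONF = """\
nameserver 198.51.100.1
nameserver 203.0.113.1
nameserver 192.168.1.1   # local router, knows internal names
nameserver 192.0.2.53
"""

# Constructed sample: what each server can answer (None would mean "no reply").
SAMPLE_ZONES = {
    "198.51.100.1": {"google.com": "192.0.2.10"},
    "203.0.113.1": {"google.com": "192.0.2.10"},
    "192.168.1.1": {"google.com": "192.0.2.10", "www.funky.name": "192.168.1.20"},
}

def effective_nameservers(resolv_conf_text, maxns=MAXNS):
    """Split 'nameserver' entries into (used, ignored) under the MAXNS limit."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers[:maxns], servers[maxns:]

def resolve(name, servers, zones):
    """Ask each server in turn and stop at the first reply of any kind."""
    for server in servers:
        zone = zones.get(server)
        if zone is None:            # no reply at all: try the next server
            continue
        if name in zone:
            return server, zone[name]
        return server, "NXDOMAIN"   # a negative answer still ends the lookup
    return None, "TIMEOUT"

if __name__ == "__main__":
    used, ignored = effective_nameservers(SAMPLE_RESOLV_CONF)
    print("used:", used, "ignored:", ignored)
    for host in ("google.com", "www.funky.name"):
        print(host, "->", resolve(host, used, SAMPLE_ZONES))
    # Listing the server that knows every name first changes the outcome.
    print(resolve("www.funky.name", list(reversed(used)), SAMPLE_ZONES))
```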