[afnog] Decreasing Access Time to Root Servers DNS by Running One on Loopback

Nishal Goburdhan nishal at controlfreak.co.za
Wed Dec 16 00:06:24 UTC 2015


On 15 Dec 2015, at 16:53, MANGA Willy Ted wrote:
> Hi,
>
> On 14/12/2015 11:44, Nishal Goburdhan wrote:
>>> [...]
>> the thing with your ISP’s dns caches (assuming they work) is that
>> in the long run, they’re likely to give you the best overall
>> performance.  so,
>
> My only concern with some ISP's dns caches (in Cameroon) is that they
> do not understand they can activate dnssec validations for their
> customers :-\ .
> Thus I prefer to use my own local recursive resolver .

..and that’s a perfectly good reason to run your own recursive dns 
service!

but, my point, was that you’re likely to get better performance from 
your ISP’s larger cache (by virtue of it simply having more customers 
to populate this cache) vs. you, as an individual, using your own 
server.
and, as i said in the bits that you’ve snipped out, if you could teach 
your ISP how to do this (ie. the dnssec validation magic), which, iirc, 
is something like adding two lines of BIND/UNBOUND config, your overall 
community would benefit.  versus just you.

of course, that’s simply if you are looking at maximising overall 
network performance.  as a single user, maximising performance is 
probably not a concern for you, since you’re not doing N*1000 queries 
a second.  but as dns-admin of a large network, optimising dns 
performance *is* likely to be a concern for you, since, dns is the 
starting step to most end-user services.  heck, do operators still 
pre-cache? :-)

[this is moving more and more away from a loopback-root discussion, but 
it’s still fun.  mtinka, i see a topic for windhoek, next year ;-)]

—n.
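
The thread turns on whether an ISP's caches perform DNSSEC validation. The sketch below is an added example, not part of the original message: it shows one way to test that from the customer side, by sending a query with the EDNS0 DO bit and reading the AD flag and RCODE of the reply. The function names are hypothetical, and the caller supplies both test names (one correctly signed, one with a deliberately broken signature).

```python
import socket
import struct

AD, DO = 0x0020, 0x8000   # header "authenticated data" bit; EDNS0 "DNSSEC OK" bit
SERVFAIL = 2

def build_query(name, qid=0x1234, qtype=1):
    """DNS query for `name` with RD set and an EDNS0 OPT record carrying DO."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)           # QTYPE, class IN
    # OPT RR: root name, type 41, UDP size, ext-rcode, version, flags, rdlen
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, DO, 0)
    return header + question + opt

def parse_flags(response):
    """Return (ad_bit_set, rcode) from a DNS response header."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _, flags = struct.unpack("!HH", response[:4])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    return bool(flags & AD), flags & 0x000F

def classify(signed_resp, bogus_resp):
    """signed_resp: reply for a correctly signed name;
    bogus_resp: reply for a name whose signature is deliberately broken."""
    ad, _ = parse_flags(signed_resp)
    _, rcode_bad = parse_flags(bogus_resp)
    if ad and rcode_bad == SERVFAIL:
        return "validating"
    if not ad and rcode_bad != SERVFAIL:
        return "not validating"
    return "inconclusive"   # e.g. SERVFAIL for an unrelated reason

def ask(resolver_ip, name, timeout=3.0):
    """Send one UDP query to the resolver and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        return s.recv(4096)
```

Against a live resolver, pass the two `ask()` replies to `classify()`; a validating cache sets AD on the signed name and returns SERVFAIL for the broken one.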


