Differences between version 7 and revision by previous author of DNSBestPractices.
Newer page: | version 7 | Last edited on Monday, February 21, 2005 9:25:32 pm | by StephenShirley |
Older page: | version 6 | Last edited on Saturday, December 18, 2004 2:17:57 pm | by MikeMachuidel |
@@ -63,8 +63,12 @@
For best performance out of a DNS server, try and use one name for it. ie, call your nameserver "ns1.example.com" in ALL of your zones. Also try to make sure that TTL's for the NS records, and A records on your nameserver, and any other related glue are at least 432000 seconds (5 days). This makes sure that if anything goes wrong higher up in the heirachy, your customers can still get to your site for approximately 2 days giving you time to get the issue fixed. Since queries will still flow directly to your nameserver, you will be able to return other names (such as "www") directly even if the higher up zones are having issues.
You may want to use the same idea for MX records. Beaware that these make it difficult to migrate nameservers in the future, so remember to turn your TTL's down later.
+
+If you want to check to see if a server thinks it's authorative for a zone, simply do
+ dig +norecurse -t ns domain.tld @nameserver
+If the flags line in the header of the output contains 'aa' (for authorative answer), then the nameserver is authorative for that domain.
!!!Caching nameservers
For nameservers that are supposed to handle recuresive lookups for stub resolvers, limit the IP ranges that can issue requests aggressively. People who can do recursive queries through your nameservers can end up with bad entries being cached.
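Review bot: "authorative" is misspelled in all three places it appears in the added lines (the sentence before the dig command and twice in the sentence after it); it should read "authoritative", which is also the term a reader will search for in the dig and BIND documentation. The added text also only describes the positive case: it says the 'aa' flag means the server is authoritative, but not what the reader should conclude when the flag is missing. Consider adding one sentence saying that a response without 'aa' (for example a referral, or an answer served from cache) means the server does not consider itself authoritative for the zone, since a lame delegation is the case this check exists to catch. Finally, the example uses both "domain.tld" and "nameserver" as placeholders while the surrounding text uses "ns1.example.com"; using example.com names in the command would keep the page consistent.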