Jim Crowther wrote:
> In uk.telecom.broadband, on Sat, 8 Mar 2008 23:21:25, Colin Wilson wrote:
>
>> Going back a couple of years, users with NTL who had regular DNS
>> problems were often recommended TreewalkDNS as a workaround.
>>
>> Following a short outage on Sky BB earlier today, I've installed it to
>> one of my machines, but I'm a little concerned about poisoned DNS
>> caches that have gained prominence lately.
>>
>> Does anyone have experience of Treewalk, or info on how you ensure
>> you're using an unadulterated source for your DNS lookups?
>
> If you use Treewalk, you will not run into poisoned caches, unless one
> of the root servers has been compromised (unlikely, not impossible
> though). The coders of Treewalk were aware of this problem many years
> ago, and have minimised the risk. Treewalk users apparently didn't lose
> YouTube when Pakistan strutted its stuff... I certainly didn't

That was not AFAIK a DNS issue. It was done via routing tables being propagated.

Colin Wilson wrote:
>>> Going back a couple of years, users with NTL who had regular DNS
>>> problems were often recommended TreewalkDNS as a workaround.
>> If you don't want to install your own recursive DNS server, you could
>> try using opendns.com instead of your ISP's servers.
>
> Any idea of the relative merits of opendns compared to treewalk?

Two different ideas which can be combined. OpenDNS is a set of dns servers which you can use instead of your ISP. Treewalk is a dns server running on your PC. You will still need to tell Treewalk where to go to get DNS information - so for example you can point /it/ at opendns...

--
Mark McIntyre
CLC FAQ <http://c-faq.com/>
CLC readme: <http://www.ungerhu.com/jxh/clc.welcome.txt>

On 09/03/2008 20:56, Mark McIntyre wrote:
> Treewalk is a dns server running on your PC. You will still need to tell
> Treewalk where to go to get DNS information - so for example you can
> point /it/ at opendns...

I think that is incorrect (though I'll admit I haven't used treewalk). I think treewalk will directly contact the root DNS servers, so doesn't need any configuration to work (though you do seem to be able to edit its root hints).

Andy Burns wrote:
> On 09/03/2008 20:56, Mark McIntyre wrote:
>
>> Treewalk is a dns server running on your PC. You will still need to
>> tell Treewalk where to go to get DNS information - so for example
>> you can point /it/ at opendns...
>
> I think that is incorrect (though I'll admit I haven't used treewalk) I
> think treewalk will directly contact the root DNS servers, so doesn't
> need any configuration to work (though you do seem to be able to edit
> its root hints)

Doubt it should be pointing directly at the /root/ DNS servers! There's a hierarchy. My point was tho, that you can configure it in various modes. You can tell it to get stuff from your ISP, from OpenDNS and from elsewhere. This is how I have bind configured on my linux box.

Mark McIntyre wrote:
> Andy Burns wrote:
>> On 09/03/2008 20:56, Mark McIntyre wrote:
>>
>>> Treewalk is a dns server running on your PC. You will still need to
>>> tell Treewalk where to go to get DNS information - so for example
>>> you can point /it/ at opendns...
>>
>> I think that is incorrect (though I'll admit I haven't used treewalk)
>> I think treewalk will directly contact the root DNS servers, so
>> doesn't need any configuration to work (though you do seem to be able
>> to edit its root hints)
>
> Doubt it should be pointing directly at the /root/ DNS servers!

Why not? Any *proper* DNS server will do this.

Then it caches the results, so it doesn't have to do it that often again..

> There's a hierarchy. My point was tho, that you can configure it in various
> modes. You can tell it to get stuff from your ISP, from OpenDNS and from
> elsewhere. This is how I have bind configured on my linux box.

Mine uses the root servers. Not much point in having it otherwise.

The Natural Philosopher wrote:
> Mark McIntyre wrote:
>>
>> Doubt it should be pointing directly at the /root/ DNS servers!
>
> Why not? any *proper* DNS server will do this.

Any DNS server at all /can/ - but it's not supposed to, that's what the peering is for. If everyone in the world connected to the rootservers, they'd fall over.

> Then it caches the results, so it doesn't have to do it that often again..

Sure.

Mark McIntyre wrote:
> The Natural Philosopher wrote:
>> Mark McIntyre wrote:
>>>
>>> Doubt it should be pointing directly at the /root/ DNS servers!
>>
>> Why not? any *proper* DNS server will do this.
>
> Any DNS server at all /can/ - but its not supposed to, thats what the
> peering is for. If everyone in the world connected to the rootservers,
> they'd fall over.

Not really. The root servers merely tell you - with VERY long timeouts on the records - that ".com is over there, .co.uk is there, and .org is somewhere along there". You keep those cached, refreshing probably almost never.

The next tier might be a bank of all the .coms...saying 'well buggit.com is hosted with ISP123' so you go to THEIR servers, and that's where you get your final www.bluggit.com. translation.

Since all the results are cached, you wouldn't refresh any of them more than every few days..and that's a single packet in and out. You can have many servers serving any zone as well, so you can spread the load.

You don't expect the root servers to answer the question 'where is www.bluggit.com'. That's why it's called 'treewalk'.

>> Then it caches the results, so it doesn't have to do it that often
>> again..
>
> Sure.

I think you don't actually understand how DNS works. It's not like setting up 'a rootserver' in yer windows PC DNS box. There is no concept of 'peering' either.
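The treewalk described in the post above, as an added example that is not part of the original thread: a toy iterative resolver over a constructed delegation tree that counts how many queries each tier receives once referrals are cached. The server names (`tld-com`, `ns.isp123`, `ns.example`), the TTLs and the 192.0.2.x addresses are assumptions made up for illustration, and nothing here touches the network.

```python
from collections import Counter

# Constructed delegation tree (not real DNS data):
# server -> {zone: (next server to ask, TTL in seconds)}
REFERRALS = {
    "root": {"com.": ("tld-com", 172800)},
    "tld-com": {"bluggit.com.": ("ns.isp123", 172800),
                "example.com.": ("ns.example", 172800)},
}
# Constructed authoritative data: server -> {name: (address, TTL in seconds)}
ANSWERS = {
    "ns.isp123": {"www.bluggit.com.": ("192.0.2.10", 3600),
                  "mail.bluggit.com.": ("192.0.2.25", 3600)},
    "ns.example": {"www.example.com.": ("192.0.2.80", 3600)},
}

class TreewalkResolver:
    def __init__(self):
        self.cache = {}           # (record type, name) -> (value, expiry time)
        self.queries = Counter()  # server -> number of queries sent to it

    def _cached(self, key, now):
        hit = self.cache.get(key)
        return hit[0] if hit and hit[1] > now else None

    def _start_server(self, name, now):
        # Deepest unexpired cached delegation covering the name, else the root hints.
        labels = name.split(".")
        for i in range(len(labels) - 1):
            server = self._cached(("NS", ".".join(labels[i:])), now)
            if server:
                return server
        return "root"

    def resolve(self, name, now):
        addr = self._cached(("A", name), now)
        if addr:
            return addr  # answered from cache, no packet sent
        server = self._start_server(name, now)
        while True:
            self.queries[server] += 1
            if name in ANSWERS.get(server, {}):
                addr, ttl = ANSWERS[server][name]
                self.cache[("A", name)] = (addr, now + ttl)
                return addr
            zone = next((z for z in REFERRALS.get(server, {}) if name.endswith("." + z)), None)
            if zone is None:
                raise LookupError(f"{server} has no answer or referral for {name}")
            server, ttl = REFERRALS[server][zone]  # follow the referral one tier down
            self.cache[("NS", zone)] = (server, now + ttl)
```

Resolving several names under `.com` with one `TreewalkResolver` leaves `queries["root"]` at 1 until the cached `com.` referral expires.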