I am on AWS EC2. As my server is going to make a lot of queries for third-party domains, I am thinking of the following options:
- install nscd on all servers
- use the default ec2 name recursor
- install my own name recursor
- just use 8.8.8.8
I am hesitant to install a centralized recursor, as it is a single point of failure and subject to attacks like: http://support.godaddy.com/help/article/1184/what-risks-are-associated-with-recursive-dns-queries
- Is it common nowadays that one will use a name server that supports recursive DNS queries, like the above article suggests?
- In terms of security and performance, I am thinking of installing nscd. Are there any drawbacks?
Best Answer
nscd does more than just caching DNS requests; it also caches lookups for usernames and groups along with some other less common uses. It's standard on Linux systems (it's packaged as part of glibc) and is probably already installed, and it uses very little memory, so there's no reason not to run it. It will provide good caching behavior without needing any further configuration.
Since EC2 charges for external traffic, and traffic to 8.8.8.8 (the Google resolver) is going to be much slower than traffic internal to the datacenter, you should prefer EC2 DNS unless you have a very specific reason not to. You can set up the Google DNS (8.8.8.8 and 8.8.4.4) as backups for the Amazon DNS if you like, but it's very unlikely that they'll be down when the rest of the zone is working.
My recommendations for your EC2 virtual machines:
Sources: man pages for nscd(8) and resolv.conf(5)
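As an added example (not part of the original answer), the following sketch audits the nameserver order in a resolv.conf against the advice above: an internal resolver first, public resolvers such as 8.8.8.8 only as fallbacks, and no more than the three entries glibc reads. The addresses 10.0.0.2 and 10.0.0.3 are constructed stand-ins for VPC-internal resolvers, and the finding labels are hypothetical names chosen for this example.

```python
import ipaddress

MAXNS = 3  # glibc uses at most three nameserver entries (resolv.conf(5))

def parse_nameservers(text):
    """Return nameserver addresses in file order, skipping comment lines."""
    servers = []
    for line in text.splitlines():
        if line.startswith(("#", ";")):  # comment marker in the first column
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def audit(text):
    """Return finding labels; an empty list means the order matches the advice."""
    findings, valid = [], []
    for server in parse_nameservers(text):
        try:
            valid.append(ipaddress.ip_address(server))
        except ValueError:
            # Simplification: unparsable entries are reported and then skipped.
            findings.append(f"invalid:{server}")
    if not valid:
        # With no nameserver entries the resolver defaults to the local machine.
        return findings + ["none"]
    if valid[0].is_global:
        # A globally routable first resolver means every cache miss leaves EC2.
        findings.append(f"external-first:{valid[0]}")
    if len(valid) == 1:
        findings.append("no-fallback")
    # Entries past MAXNS are never consulted.
    findings += [f"ignored:{ip}" for ip in valid[MAXNS:]]
    return findings

# Constructed sample files, not taken from a real host.
GOOD = "# constructed sample\nnameserver 10.0.0.2\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n"
BAD = "; constructed sample\nnameserver 8.8.8.8\nnameserver 8.8.4.4\nnameserver 10.0.0.2\nnameserver 10.0.0.3\n"

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(sample))
```

To check a live host, pass the contents of /etc/resolv.conf to `audit()`.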