invalidate cache on cache-only resolver?

Jim Reid jim at mpn.cp.philips.com
Tue Aug 10 10:22:03 UTC 1999


>>>>> "Frank" == Frank Cusack <fcusack at iconnet.net> writes:

    Frank> Your justification is exactly why I want cache invalidations. I want to
    Frank> keep the recursive servers as stable as possible. The less the config
    Frank> gets touched, the less chance there will be a problem (let's ignore
    Frank> possibly unstable patches to BIND as an issue. ;)) And note that the
    Frank> config does change at least daily (I try very hard to keep it at daily
    Frank> or longer, but sometimes this doesn't work out. :\).

Personal opinion: the more you play with name server's caches, the
higher the chances of screwing up. And what about the servers that
forward queries to the servers where you're tampering with their
caches? Aside from the scaling, security and administrative problems,
you'll be opening a Pandora's box. Next thing, you could be wanting to
add or remove individual RRs. And then you might end up using this
patch-the-cache-on-the-fly mechanism instead of making "real" changes
via Dynamic DNS or updating zone files.

    Frank> I don't want to do the zone xfers when most of the data isn't even
    Frank> being queried, and much doesn't get queried between updates.

I don't see why you should care about that, unless you have truly
humungous zone files that take hours to transfer and/or a really slow
network. Personally, it gives me a Warm Feeling to know that the DNS
data for India is replicated on a server in Brasil, even though hardly
anything queries that Brasilian server for Indian data. Apart from the
insignificant overhead of the odd zone transfer and a handful of SOA
queries, it doesn't hurt or cost anything to do this.

    Frank> What's the difference, really, between "invalidating" a zone you are
    Frank> slave for vs. invalidating a zone you have cached?

Authoritative answers.

    Frank> Killing the cache for a particular zone is actually quite easy.

Reloading the server is even easier. :-) And it works Right Now.

    Frank> So... I will concede that cache-invalidate has a limited usefulness,
    Frank> restricted to certain configurations, but within those parameters
    Frank> it can let you run cache-only instead of slaving lots of zones.
    Frank> This CAN BE an advantage.

    Frank> Still disagree?

Yes. We'll have to agree to differ. You say you already auto-generate
and distribute named.conf files. So you already have a way of updating
the caches simply by adding and removing zone statements. That IMHO is
a lot less work and a lot less dangerous than munging name server
caches on the fly. And all that's just to save a few zone transfers?


More information about the bind-users mailing list