disabling caching/growth of cache (was: Re: 4 interfaces, 4 different responses, 2 forwardings and 1 cache. How ?)

Jan Vicherek honza at ied.com
Sat Oct 23 18:39:25 UTC 1999


On Fri, 22 Oct 1999, Barry Margolin wrote:

> In article <Pine.LNX.4.10.9910211932120.14295-100000 at ann.ied.com>,
> Jan Vicherek  <honza at ied.com> wrote:
> > Now the two on ppp0 and eth1 should only resolve those 10 domains, no
> >other requests should be resolvable. Do I accomplish that by supplying
> >null "forwarders" list ? How do I make sure that no cache is being
> >maintained and no external DNS servers are contacted to resolve the
> >incoming requests ? I guess that's a newbie question and I guess the
> >answer is "Don't specify any forwarders, dummy^H^H^H^H^H^H newbie!"
> 
> You do this by configuring:
> 
> options {
>   ...
>   allow-query { none; };   // "any" and "none" are BIND's builtin ACLs ("all" is not defined)
> }
> 
> zone "domain1.com" {
>   ...
>   allow-query { any; };
> }
> 
> zone "domain2.com" {
>   ...
>   allow-query { any; };
> }
> 
> and so on.

  couldn't I accomplish the effect of "no forward" ( no attempt to contact
any DNS servers except itself ) by specifying pretty blank "." zone db
file ?

 Or would the DNS server, even if I have mostly blank "." zone db, attempt
to contact some of the DNS servers that are contained in the NS records of
the 10 zones it is serving ?

> > Would the following configuration do it ? :
> 
> Except for the above options, yes.
> 
> Note that the eth0 named will maintain its own cache.  It will simply be a
> subset of what's in the lo named's cache, since it will learn everything
> (except its authoritative zones) by forwarding to the lo named.

  so does that mean that there is no way to turn caching off ?

 The reason is that that way, I'll end up with two 95% identical caches,
since 95% of the requests coming from the LAN will overlap with 95% of
the requests generated on the DNS server machine's lo interface itself.
The reason I have a named also on the lo interface is because it's not
guaranteed that I'll always have the LAN(eth0) interface up. The reason I
have a named also on the eth0 interface is because I need to answer
some requests on eth0 differently than on lo.

 Since I have to run multiple nameds to resolve queries to the outside, it
would be nice if I didn't have to have two almost identical caches. But if
that's not possible, that's OK, I've just upgraded to 64MB RAM, so I can
live with it. Is there a way to say "the max. cache you can keep is 0kB or
1kB"? I.e. if I specify option datasize XXX kB, where XXX is the amount
right after start (taken from `ps auxwww | grep named`) plus 5, when the
limit is reached, the named will:

A) not function correctly (i.e. refuse to answer queries fully & correctly)
B) get rid of some cache to make sure that it can function normally.

 If B is the case, it might be a solution, though not the nicest one. Right ?



   Thanks Barry,

         Jan

> >/etc/named.conf.lo :
> >options { forwarders { ext_dns1; ext_dns2; }; listen-on { 127.0.0.1; }; };
> >zone "." { type hint; file "named.ca"; };
> >zone "0.0.127.in-addr.arpa"      { type master; file "named.local"; };
> >/* now 10x */ zone "a_domain."   { type master; file "...lo"; };
> >zone    "4.168.192.in-addr.arpa" { type master; file "...lo"; };
> >
> >/etc/named.conf.eth0
> >options { forwarders { 127.0.0.1; }; listen-on { 192.168.4.1; }; };
> >// now 10x zone "a_domain."      { type master; file "...eth0"; };
> >// zone "4.168.192.in-addr.arpa" { type master; file "...eth0"; };
> >
> >/etc/named.conf.ppp0
> >options { listen-on { 1.2.3.4; }; };
> >// now 10x zone "a_domain." { type master; file "...ppp0"; };
> >
> >/etc/named.conf.eth1
> >options { listen-on { 2.3.4.5; }; };
> >// now 10x zone "a_domain." { type master; file "...eth1"; };

 -- Gospel of Jesus is the saving power of God for all who believe --
                ## To some, nothing is impossible. ##
                   http://Vicherek.Waterloo.on.ca/
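The thread above hinges on two named.conf properties: which addresses a given named listens on, and whether that listener would recurse for arbitrary names or answer only for its authoritative zones (the global `allow-query { none; }` plus per-zone `allow-query { any; }` pattern Barry describes). The script below is an added example, not code from the original post or from ISC BIND: a minimal parser for named.conf's brace/semicolon syntax and an audit that reports, per config, whether a non-loopback listener is left as an open recursive resolver, whether recursion is enabled with no forwarders and no hint zone, and whether a global deny has left a zone without its own `allow-query`. The three sample configs are constructed here, modelled on the ppp0 config quoted in the thread; the `recursion`, `allow-query`, `allow-recursion`, `forwarders` and `listen-on` options are real BIND options, everything else (finding codes, the `audit` function) is this example's own.

```python
import re

# Tokenizer for named.conf: drops the three comment styles, keeps quoted
# strings as single tokens, and emits { } ; as their own tokens.
TOKEN_RE = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*|"[^"]*"|[{};]|[^\s{};"]+', re.S)

def tokenize(text):
    toks = []
    for m in TOKEN_RE.finditer(text):
        t = m.group(0)
        if t.startswith(('/*', '//', '#')):
            continue                      # comment, skip
        toks.append(t.strip('"'))
    return toks

def parse_block(toks, i=0):
    """Parse statements up to a closing '}' (or end of input).

    Each statement is (words, children): words are the bare tokens before a
    '{' or ';', children the nested statement list or None for a leaf."""
    stmts = []
    while i < len(toks):
        if toks[i] == '}':
            return stmts, i + 1
        words = []
        while i < len(toks) and toks[i] not in ('{', ';'):
            words.append(toks[i])
            i += 1
        children = None
        if i < len(toks) and toks[i] == '{':
            children, i = parse_block(toks, i + 1)
        if i < len(toks) and toks[i] == ';':
            i += 1                        # trailing ';' after a block or leaf
        if words or children is not None:
            stmts.append((words, children))
    return stmts, i

def find(stmts, name):
    return [s for s in stmts if s[0] and s[0][0] == name]

def acl_values(stmts, name, default):
    """Leaf values of an address list such as allow-query { none; }."""
    hits = find(stmts, name)
    if not hits or hits[0][1] is None:
        return default
    return [w for words, _ in hits[0][1] for w in words]

def is_loopback(addr):
    return addr.startswith('127.') or addr in ('::1', 'localhost')

def audit(conf_text):
    """Return the effective listener policy plus a list of finding codes."""
    top, _ = parse_block(tokenize(conf_text))
    opts = find(top, 'options')
    o = (opts[0][1] or []) if opts else []
    listen = acl_values(o, 'listen-on', ['*'])          # '*' = every interface
    allow_query = acl_values(o, 'allow-query', ['any'])  # BIND default: any
    allow_rec = acl_values(o, 'allow-recursion', ['any'])
    forwarders = acl_values(o, 'forwarders', [])
    rec = find(o, 'recursion')
    recursion = rec[0][0][1] if rec and len(rec[0][0]) > 1 else 'yes'
    zones = find(top, 'zone')
    def zone_type(z):
        t = find(z[1] or [], 'type')
        return t[0][0][1] if t and len(t[0][0]) > 1 else '?'
    has_hint = any(zone_type(z) == 'hint' for z in zones)
    public = [a for a in listen if a == '*' or not is_loopback(a)]

    findings = []
    # A public listener that recurses for anyone is an open resolver.
    if public and recursion == 'yes' and 'any' in allow_query and 'any' in allow_rec:
        findings.append('OPEN_RESOLVER')
    # Recursion on, but nowhere to send non-authoritative queries.
    if recursion == 'yes' and not forwarders and not has_hint:
        findings.append('NO_UPSTREAM')
    # Global deny without a per-zone allow makes that zone unanswerable.
    if allow_query == ['none']:
        for z in zones:
            name = z[0][1] if len(z[0]) > 1 else '?'
            if zone_type(z) != 'hint' and not find(z[1] or [], 'allow-query'):
                findings.append('UNREACHABLE_ZONE:' + name)
    return {'listen': listen, 'recursion': recursion, 'allow_query': allow_query,
            'forwarders': forwarders, 'has_hint': has_hint, 'findings': findings}

# Constructed sample modelled on the thread's ppp0 config: public listener
# with BIND defaults left in place (recursion yes, allow-query any).
OPEN_CONF = """
options { listen-on { 1.2.3.4; }; };
zone "." { type hint; file "named.ca"; };
zone "a_domain." { type master; file "a_domain.ppp0"; };
"""

# Constructed hardened form: recursion off, deny globally, re-open per zone.
HARDENED_CONF = """
options {
  listen-on { 1.2.3.4; };
  recursion no;
  allow-query { none; };
};
zone "a_domain." { type master; file "a_domain.ppp0"; allow-query { any; }; };
zone "4.168.192.in-addr.arpa" { type master; file "rev.ppp0"; allow-query { any; }; };
"""

# Constructed misconfiguration: global deny applied, one zone forgotten.
FORGOTTEN_CONF = """
options { listen-on { 1.2.3.4; }; recursion no; allow-query { none; }; };
zone "a_domain." { type master; file "a_domain.ppp0"; allow-query { any; }; };
zone "b_domain." { type master; file "b_domain.ppp0"; };
"""

if __name__ == '__main__':
    for label, conf in (('open', OPEN_CONF), ('hardened', HARDENED_CONF),
                        ('forgotten', FORGOTTEN_CONF)):
        print(label, audit(conf)['findings'])
```

The parser is deliberately small (it ignores `acl` definitions and `view` blocks), so it treats only the literal `any` as unrestricted; a misspelled ACL name such as `all` would be reported by named itself rather than by this audit. The `NO_UPSTREAM` finding is the configuration-level answer to the "blank `.` zone" question: with no hint zone and no forwarders the server has nothing to send non-authoritative queries to, so pairing that with `recursion no` and a global `allow-query { none; }` is the explicit, checkable way to restrict a listener to its own zones.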



