How to disable nameserver caching?

Jim Reid jim at rfc1035.com
Sat Dec 30 10:51:18 UTC 2000


>>>>> "Tom" == Tom Porter, Ph D <tporter at dtool.com> writes:

    Tom> Is this a compile-time procedure?

No. Well I suppose any problem can be decomposed to a compile-time
procedure....

Name server caching is a Good Thing. It speeds up lookups, reduces
traffic and cuts the load on name servers. Why would someone want to
disable this?

What some organisations do is make a distinction between the servers
used by other name servers and the ones used by end users. Servers in
the first category end up only getting queried by other name servers. They
usually have recursion switched off. They don't make many queries
either so they hardly cache anything. This means these servers have
minimal exposure to cache poisoning attacks and tend not to hold stale
data or resource records with absurdly long TTLs. Most root and
top-level domain servers are configured this way: or should be.

Name servers in the second category are queried by local systems as
they resolve name lookups. These do cache because they have to query
external name servers as they resolve whatever names were being looked
up by the local users and their applications.
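
The split described above, sketched as two BIND `named.conf` fragments for two separate hosts. This is an added example, not part of the original message; the zone name, file names, directory and client network (192.0.2.0/24) are assumptions.

```conf
// ---- Host A: authoritative-only, queried by other name servers ----
// Recursion is off, so this server makes almost no outbound queries
// and caches very little.
options {
    directory "/var/named";        // assumed path
    recursion no;                  // never resolve on behalf of clients
    allow-query { any; };          // the zones served here are public
};

zone "example.com" {               // assumed zone name
    type master;
    file "db.example.com";         // assumed zone file
};

// ---- Host B: caching resolver, queried by local systems only ----
// This server recurses and caches, so access is limited to local users.
acl "local-clients" {
    127.0.0.1;
    192.0.2.0/24;                  // assumed internal network
};

options {
    directory "/var/named";        // assumed path
    recursion yes;
    allow-query     { "local-clients"; };
    allow-recursion { "local-clients"; };
};

zone "." {
    type hint;
    file "named.root";             // assumed root hints file name
};
```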


