named.ca

Kevin Darcy kcd at daimlerchrysler.com
Thu Nov 23 01:57:49 UTC 2000


Lary Holland wrote:

> If a server is serving as a primary dns server for domains, should there be
> a named.ca file called in the /etc/named.conf

You don't need a hints file if the root zone is defined in your named.conf as
some other type of zone (master, slave, stub) or if you are forwarding
globally. Otherwise, you do. The nameserver needs *some* way of resolving
names which are outside of its authoritative data.

> If this is supposed to be there, is there a storage time for negative hit
> dns queries outside the network?
>
> By the above question, I mean, if the network goes down or a specific site
> is unreachable will it store the results and no longer attempt to look that
> domain up?

You mean, if it can't resolve a particular DNS name because of network
problems? It will limit the amount of resources it expends on any given
resolution attempt, but if it keeps on getting queries for the name, it will
try to satisfy each one of them, which means going through the same rigamarole
over and over again during an extended outage. You *want* the name to be
available as soon as the network is back up, right? Otherwise you'd
effectively prolong every network glitch with a nameserver "wakeup" delay.
Note that the caching behavior of nameservers means that they can often still
resolve names in a domain even if none of the authoritative nameservers for
that domain are reachable.

Or, were you asking about "negative caching", i.e. remembering authoritative
responses that disavow the existence of a particular name? Yes, a modern
BIND nameserver will not ask about a name if it already has a negative cache
entry for it. Negative cache entries stick around for a configurable amount of
time. The last field of the SOA record is what specifies the negative cache
TTL (time-to-live) for all of the records in that particular zone.


- Kevin
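The rule in the first answer above, as an added example that is not part of the original message: a small check that reads a named.conf and reports how names outside the server's authoritative data would be resolved. The function names and the sample configuration are constructed for illustration, and the parser is simplified (it does not follow `include` or look inside `view` blocks).

```python
import re

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def parse(tokens):
    """Turn a named.conf token iterator into nested statements: [word, ..., [sub-statements]]."""
    stmts, cur = [], []
    for tok in tokens:
        if tok == "{":
            cur.append(parse(tokens))      # nested block shares the same iterator
        elif tok == "}":
            return stmts
        elif tok == ";":
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok.strip('"'))
    return stmts

def outside_resolution(conf_text):
    """Return how names outside the authoritative data get resolved, or None."""
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)   # /* ... */ comments
    text = re.sub(r"(//|#)[^\n]*", "", text)                 # // and # comments
    found = set()
    for s in parse(iter(TOKEN.findall(text))):
        body = s[-1] if isinstance(s[-1], list) else []
        if s[0] == "zone" and len(s) > 1 and s[1] == ".":
            found.update(b[1] for b in body if b[0] == "type" and len(b) > 1)
        elif s[0] == "options":
            for b in body:
                if b[0] == "forwarders" and isinstance(b[-1], list) and b[-1]:
                    found.add("forward")
    # Order follows the reply: root zone as master/slave/stub, global forwarding, hints.
    for kind in ("master", "slave", "stub", "forward", "hint"):
        if kind in found:
            return kind
    return None

# Constructed sample: primary for one domain, no root zone, no forwarders.
PRIMARY_ONLY = '''
options { directory "/var/named"; };   // no forwarders
zone "example.com" { type master; file "db.example.com"; };
'''
WITH_HINTS = PRIMARY_ONLY + 'zone "." { type hint; file "named.ca"; };\n'

if __name__ == "__main__":
    for name, conf in (("primary only", PRIMARY_ONLY), ("with hints", WITH_HINTS)):
        print(name, "->", outside_resolution(conf) or "needs a hints file")
```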




