Caching-Only Behavior

Mark_Andrews at isc.org
Thu Nov 21 07:14:15 UTC 2002


> Joe,
> 
> I don't know the internals of DNS as well as you guys do. My description in
> the last paragraph is all that I want the system to do -- cache the
> information for applications on the local host to keep the name resolution
> to the Primary DNS server to a minimum.  I do not want it to act as a
> forwarder, or clients to treat it as a DNS server.  It is true that clients
> won't go to it unless they are configured to, but I don't want to have to
> worry about any security aspects of BIND and port 53.
> 
> So, can a properly configured cache server do what I want?
> 

	Yes.

	options {
		directory "/var/named";
		allow-query { 127.0.0.1; };
		listen-on { 127.0.0.1; };
		// listen-on-v6 { ::1; };   // BIND 9.3 post Nov 2002 only
		notify no;
		//  query-source address * port 53; 
		//  query-source-v6 address * port 53; 
	};

	zone "."  {
		type hint;
		file "hints.db";
	};

	zone "1.0.0.127.in-addr.arpa" {
		type master;
		file "loopback.db";
	};

	zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
		type master;
		file "loopback.db";
	};

	zone "localhost" {
		type master;
		file "localhost.db";
	};

	zone "127.in-addr.arpa" {  // machine local
		type master;
		file "null.db";
	};

	zone "0.in-addr.arpa" {  // reserved
		type master;
		file "null.db";
	};

	zone "255.in-addr.arpa" {  // reserved
		type master;
		file "null.db";
	};

	zone "10.in-addr.arpa" {   // RFC 1918 unless you are using net 10
		type master;
		file "null.db";
	};

	// rest of RFC 1918 nets (exclude space you are using)
	// use null.db to intercept queries
	
	If you are using RFC 1918 addresses you need to ensure that these
	are answered by internal servers.  Use forward / stub zones
	to direct queries appropriately or use forwarders in options.

loopback.db:
@ 0 SOA <nameofmachine> <your.email.address> 1 3600 1200 3600000 7200
@ 604800 NS <nameofmachine>
@ 604800 PTR localhost.

localhost.db:
@ 0 SOA <nameofmachine> <your.email.address> 1 3600 1200 3600000 7200
@ 604800 NS <nameofmachine>
@ 604800 A 127.0.0.1
@ 604800 AAAA ::1

null.db:
@ 0 SOA <nameofmachine> <your.email.address> 1 3600 1200 3600000 7200
@ 604800 NS <nameofmachine>

resolv.conf:
nameserver 127.0.0.1
nameserver ::1
search  ....

	Mark

> -Jeff
> "Joe Kattner" <joe.kattner at adelphia.com> wrote in message
> news:argijk$9d64$1 at isrv4.isc.org...
> >
> > Jeff,
> >
> > If the name server is set up as caching only, other servers will not
> > ever send it queries (unless it's acting as a forwarder, but you don't
> > mention that). It must be authoritative for something so another server
> > would know that it exists and needs to query it. In your example the name
> > server is not authoritative for anything, so the description you give in
> > the last paragraph is accurate; Caching servers work for the clients,
> > and reduce the load on authoritative servers.
> >
> > Clients on the other hand must be configured to send their DNS queries
> > to specific name server(s). The server then uses recursion to find the
> > answers for those clients. Your example server holds no answers, only
> > the ability to perform a recursive query for its clients.
> >
> > --Joe
> >
> >
> > -----Original Message-----
> > From: NCR Employee [mailto:ncremployee at ncr.com]
> > Sent: Wednesday, November 20, 2002 10:11 AM
> > To: comp-protocols-dns-bind at isc.org
> > Subject: Caching-Only Behavior
> >
> >
> > I have not been able to find any reference material to answer my DNS
> > question:
> >
> > When a UNIX system is properly set up to perform caching and it is not
> > set up as a Primary or Secondary Nameserver, will it respond to name
> > server requests that are sent directly to it from other servers?
> >
> > I would think that name caching was used on the local host to speed up
> > name resolution for local applications and to minimize requests to the
> > actual DNS server, rather than, providing name resolution for other
> > servers.
> >
> > Jeff
> >
> >
> >
> >
> >
> 
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
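
A check that a named.conf still carries the loopback-only listen-on and allow-query restrictions shown in the reply above, as an added example that is not part of the original message or of BIND. The sample configuration text is constructed and the function names are hypothetical; it inspects only the first occurrence of each statement and treats anything other than a literal loopback address as a finding.

```python
import ipaddress
import re

# Constructed samples: the options block from the reply, and a weakened variant.
GOOD = '''options {
    directory "/var/named";
    allow-query { 127.0.0.1; };
    listen-on { 127.0.0.1; };
    // query-source address * port 53;
    notify no;
};'''
WEAK = '''options {
    allow-query { any; };
    listen-on port 53 { 127.0.0.1; 192.0.2.10; };
};'''

def strip_comments(text):
    """Remove /* */, // and # comments so commented-out statements are ignored."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def match_list(conf, statement):
    """Elements of the first `statement [port N] { a; b; };`, or None if absent."""
    pat = r'(?<![\w-])' + re.escape(statement) + r'\s*(?:port\s+\d+\s*)?\{([^{}]*)\}'
    m = re.search(pat, conf)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(';') if e.strip()]

def is_loopback(element):
    """True only for literal addresses or prefixes inside 127/8 or ::1."""
    try:
        return ipaddress.ip_network(element, strict=False).is_loopback
    except ValueError:
        return False  # any, localhost, named ACLs, negations: flag for review

def audit(conf_text):
    """Return findings for listen-on / allow-query entries beyond loopback."""
    conf, findings = strip_comments(conf_text), []
    for stmt in ('listen-on', 'allow-query'):
        elems = match_list(conf, stmt)
        if elems is None:
            findings.append(f'{stmt}: not set, the BIND default applies')
        elif any(not is_loopback(e) for e in elems):
            bad = [e for e in elems if not is_loopback(e)]
            findings.append(f'{stmt}: non-loopback entries {bad}')
    return findings

if __name__ == '__main__':
    for name, conf in (('GOOD', GOOD), ('WEAK', WEAK)):
        print(name, audit(conf) or 'loopback only')
```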

