Caching-Only Behavior
Mark_Andrews at isc.org
Thu Nov 21 07:14:15 UTC 2002
> Joe,
>
> I don't know the internals of DNS as well as you guys do. My description in
> the last paragraph is all that I want the system to do -- cache the
> information for applications on the local host to keep the name resolution
> to the Primary DNS server to a minimum. I do not want it to act as a
> forwarder, or clients to treat it as a DNS server. It is true that clients
> won't go to it unless they are configured to, but I don't want to have to
> worry about any security aspects of BIND and port 53.
>
> So, can a properly configured cache server do what I want?
>
Yes.
options {
	directory "/var/named";
	// answer queries from, and listen on, the loopback address only
	allow-query { 127.0.0.1; };
	listen-on { 127.0.0.1; };
	// listen-on-v6 { ::1; };	// BIND 9.3 post Nov 2002 only
	notify no;
	// query-source address * port 53;
	// query-source-v6 address * port 53;
};

zone "." {
	type hint;
	file "hints.db";
};

zone "1.0.0.127.in-addr.arpa" {
	type master;
	file "loopback.db";
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
	type master;
	file "loopback.db";
};

zone "localhost" {
	type master;
	file "localhost.db";
};

zone "127.in-addr.arpa" {	// machine local
	type master;
	file "null.db";
};

zone "0.in-addr.arpa" {		// reserved
	type master;
	file "null.db";
};

zone "255.in-addr.arpa" {	// reserved
	type master;
	file "null.db";
};

zone "10.in-addr.arpa" {	// RFC 1918 unless you are using net 10
	type master;
	file "null.db";
};

// rest of RFC 1918 nets (exclude space you are using)
// use null.db to intercept queries

If you are using RFC 1918 addresses you need to ensure that these
are answered by internal servers. Use forward / stub zones
to direct queries appropriately or use forwarders in options.

loopback.db:
	@ 0 SOA <nameofmachine> <your.email.address> 1 3600 1200 3600000 7200
	@ 604800 NS <nameofmachine>
	@ 604800 PTR localhost.

localhost.db:
	@ 0 SOA <nameofmachine> <your.email.address> 1 3600 1200 3600000 7200
	@ 604800 NS <nameofmachine>
	@ 604800 A 127.0.0.1
	@ 604800 AAAA ::1

null.db:
	@ 0 SOA <nameofmachine> <your.email.address> 1 3600 1200 3600000 7200
	@ 604800 NS <nameofmachine>

resolv.conf:
	nameserver 127.0.0.1
	nameserver ::1
	search ....

Mark
> -Jeff
> "Joe Kattner" <joe.kattner at adelphia.com> wrote in message
> news:argijk$9d64$1 at isrv4.isc.org...
> >
> > Jeff,
> >
> > If the name server is set up as caching only, other servers will not
> > ever send it queries (unless it's acting as a forwarder, but you don't
> > mention that). It must be authoritative for something so another server
> > would know that it exists and needs to query it. In your example the name
> > server is not authoritative for anything, so the description you give in
> > the last paragraph is accurate; Caching servers work for the clients,
> > and reduce the load on authoritative servers.
> >
> > Clients on the other hand must be configured to send their DNS queries
> > to specific name server(s). The server then uses recursion to find the
> > answers for those clients. Your example server holds no answers, only
> > the ability to perform a recursive query for its clients.
> >
> > --Joe
> >
> >
> > -----Original Message-----
> > From: NCR Employee [mailto:ncremployee at ncr.com]
> > Sent: Wednesday, November 20, 2002 10:11 AM
> > To: comp-protocols-dns-bind at isc.org
> > Subject: Caching-Only Behavior
> >
> >
> > I have not been able to find any reference material to answer my DNS
> > question:
> >
> > When a UNIX system is properly setup to perform caching and it is not
> > setup as a Primary or Secondary Nameserver, will it respond to name
> > server requests that are sent directly to it from other servers?
> >
> > I would think that name caching was used on the local host to speed up
> > name resolution for local applications and to minimize requests to the
> > actual DNS server, rather than, providing name resolution for other
> > servers.
> >
> > Jeff
> >
> >
> >
> >
> >
>
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
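
Added example, not part of the original thread and not ISC code: a small Python audit that checks whether the first listen-on and allow-query statements in a named.conf stay on loopback, as the configuration in the reply does. The EXPOSED sample, the address 192.0.2.10 and the function names are constructed for illustration; the check is a text scan, not a full named.conf parser.

```python
import ipaddress
import re

# Constructed samples: the post's loopback-only options, and a hypothetical
# variant with a LAN address added and allow-query commented out.
LOOPBACK_ONLY = """options {
    directory "/var/named";
    allow-query { 127.0.0.1; };
    listen-on { 127.0.0.1; };
    // listen-on-v6 { ::1; };
    notify no;
};"""
EXPOSED = """options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; 192.0.2.10; };  /* LAN address */
    # allow-query { 127.0.0.1; };
};"""

def strip_comments(conf):
    """Drop the comment styles named.conf accepts: /* */, // and #."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", conf)

def is_loopback(entry):
    """True only for 'none' or a literal address/prefix in loopback space."""
    if entry == "none":
        return True
    try:
        return ipaddress.ip_network(entry, strict=False).is_loopback
    except ValueError:
        return False  # any, localnets, ACL names, negations: report them

def audit(conf):
    """List the ways listen-on / allow-query reach beyond loopback."""
    conf = strip_comments(conf)
    findings = []
    for directive in ("listen-on", "allow-query"):
        # (?!-) keeps listen-on from matching listen-on-v6, and so on.
        m = re.search(re.escape(directive) + r"(?!-)[^{;]*\{([^}]*)\}", conf)
        if m is None:
            findings.append(directive + " not set: BIND default is any")
            continue
        for entry in m.group(1).replace(";", " ").split():
            if not is_loopback(entry):
                findings.append(directive + " includes " + entry)
    return findings

if __name__ == "__main__":
    for name, conf in (("loopback-only", LOOPBACK_ONLY), ("exposed", EXPOSED)):
        print(name, audit(conf) or "ok")
```

An empty result means both statements are present and name only loopback addresses; anything else, including ACL names the scan cannot resolve, is reported for manual review.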