Is caching necessary?

Kevin Darcy kcd at daimlerchrysler.com
Sat Apr 30 03:45:02 UTC 2005


Pepe wrote:

>Kevin Darcy wrote:
>   > Lorenzo wrote:
>   >>I have a DNS server setup for my home LAN. Yes, it's a bit much, but
>   >>everyone needs a hobby.
>   >>[...]
>   >>Currently, I forward my queries onto my
>   >>ISP, which if I understand things correctly, means I'm not caching
>   >>anyway.
>   >
>   > No, forwarding still caches, and you're benefiting from that caching
>   > behavior.
>   > [...]
>   > P.S. Why are you forwarding? Does your ISP block queries directly
>   > between your nameservers and Internet nameservers?
>
>If not forwarding to the ISP nameservers, should his LAN nameserver
>query the root nameservers for any and all zones he is not authoritative
>for? Would not this, if done by everybody, overload the root nameservers?
>
The DNS namespace is hierarchical, and "referral" information is cached 
for all levels of the hierarchy. So as long as you have the ".com" 
records cached, you don't need to go up to the roots to resolve a name 
ending in ".com", you don't need to go to the roots to resolve a name 
ending in ".net" if you have ".net" referral records cached and so on. 
So in truth the roots don't get queried as often as one might expect. 
The ".com" servers actually get queried more often than the roots, I 
believe, but even they don't get constantly hammered for popular .com 
domains for which the referral information is usually cached in any 
given nameserver.

The only legitimate reason for forwarding to a central cache, when one 
has the option available to query Internet nameservers directly, is if 
the constellation of local network topology, query patterns, TTL values, 
etc. happen to all align so as to make your average and/or worst-case 
query latency better that way. It's actually quite rare for this to be 
the case. More often than not, folks forward BIND to their ISP's 
nameservers because they are thinking like they have a stub resolver 
with added caching capabilities instead of appreciating that they have a 
fully-functional iterative resolver at their command.
                                                                         
                                                                  - Kevin

P.S. If one makes a conscious decision to forward to one's ISP's 
nameservers purely for performance reasons, one should take care to 
configure this as "forward first" instead of "forward only". That way, 
BIND will fall back to iterative resolution if the forwarders are down 
or unavailable.
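
The referral caching described in the message above, as an added illustration (not part of the original post and not BIND code): a toy Python model of an iterative resolver that counts how many queries reach each tier of the hierarchy. The TTLs, names and workload are constructed assumptions.

```python
from collections import Counter

# Constructed TTLs in seconds (assumptions; real values vary per zone).
TLD_REFERRAL_TTL = 172800   # root -> TLD delegation
ZONE_REFERRAL_TTL = 86400   # TLD -> domain delegation
ANSWER_TTL = 300            # final answer record

class IterativeResolver:
    """Toy iterative resolver that caches referrals and answers."""

    def __init__(self):
        self.cache = {}         # (kind, name) -> expiry time
        self.sent = Counter()   # queries sent upstream, by tier

    def _fresh(self, key, now):
        return self.cache.get(key, 0) > now

    def resolve(self, name, now):
        labels = name.rstrip(".").split(".")
        tld, zone = labels[-1], ".".join(labels[-2:])
        if self._fresh(("answer", name), now):
            return "cache"
        if not self._fresh(("referral", zone), now):
            # Only go to a root server if the TLD referral has expired.
            if not self._fresh(("referral", tld), now):
                self.sent["root"] += 1
                self.cache[("referral", tld)] = now + TLD_REFERRAL_TTL
            self.sent["tld"] += 1
            self.cache[("referral", zone)] = now + ZONE_REFERRAL_TTL
        self.sent["authoritative"] += 1
        self.cache[("answer", name)] = now + ANSWER_TTL
        return "network"

def simulate(names, interval, rounds):
    """Look up every name once per interval; return per-tier query counts."""
    resolver, now = IterativeResolver(), 0
    for _ in range(rounds):
        for name in names:
            resolver.resolve(name, now)
        now += interval
    return resolver.sent

# Constructed workload: four names, looked up every 10 minutes for 3 days.
NAMES = ["www.example.com", "mail.example.com",
         "www.sample.com", "www.example.net"]

if __name__ == "__main__":
    print(dict(simulate(NAMES, interval=600, rounds=432)))
```

With this workload, nearly every upstream query lands on the authoritative servers; the roots are contacted only when a TLD referral expires.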




More information about the bind-users mailing list