DNS caching server

Kevin Darcy kcd at daimlerchrysler.com
Wed Oct 12 22:21:57 UTC 2005


raghavendra.sadaramachandra at wipro.com wrote:

>Hi All,
>
> I am using bind-9.2.5. It is working fine for internal domains.
>
> Now I want to configure it for caching server functionality. As I
>understand caching server means, if my DNS server does not contain
>information about some domain (that the client requested), then it
>forwards that request to the known DNS server on the internet. After
>getting info from some DNS server on internet, it saves this information
>in its database. So that next time some client requests for that domain
>instead of contacting the other DNS servers on the internet it searches
>in its own database and services the query.
>
>So please help me out in exploring this feature of BIND. I mean what all
>configurations I should do?
>
What you describe is the default behavior of named. All you probably 
need is for recursion to be turned on (which is the default) and for a 
hints zone (zone ".", type "hint") to be defined (actually, even that is 
not strictly necessary, since there is a compiled-in version of the 
hints file which is used if the root zone is not explicitly defined). I 
say "probably" above, because it might be the case that your ISP limits 
your DNS queries to its own servers. If you're stuck in that situation, 
then you may need to configure their nameservers as forwarders for 
yours, using "forwarders" and "forward only".

For security reasons, of course, you would only want internal clients to 
be able to recurse. You can control recursion selectively using 
"allow-recursion". You probably also want to prevent external clients 
from querying your internal zones. You can control that via 
"allow-query" (it's probably a good idea to do that, even if your 
firewall is configured to prevent inbound queries, since firewalls can 
get misconfigured).

Lastly, be aware that when you recurse queries, your cache will fill up 
with entries, and this will cause the memory consumption, and in extreme 
cases, maybe also the CPU usage, of your "named" process to fluctuate 
much more than when you only serve authoritative data and don't recurse. 
If this gets to be a problem, you may need to tune your cache size, 
cache cleaning interval, maximum lifetime of cache entries, etc. But I'd 
probably just watch it initially to see if such tuning is even necessary...

                                                                         
                                             - Kevin
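
The settings named in the reply above, laid out as a named.conf. This is an added example, not part of the original message; the ACL name, address ranges, zone name, file names, directory and forwarder addresses are placeholder assumptions.

```conf
// Constructed example of a caching resolver configuration.
// ACL name, addresses, zone name and file names are placeholders.
acl "internal" {
    127.0.0.1;
    10.0.0.0/8;                      // assumed internal address range
};

options {
    directory "/var/named";          // assumed working directory

    recursion yes;                   // the default, stated for clarity
    allow-recursion { "internal"; }; // only internal clients may recurse

    // Only needed if the ISP restricts DNS queries to its own servers:
    // forwarders { 192.0.2.1; 192.0.2.2; };   // placeholder addresses
    // forward only;

    // Cache tuning, only if memory or CPU use becomes a problem:
    // max-cache-size 64M;           // cap on memory used by the cache
    // cleaning-interval 60;         // minutes between cache cleaning passes
    // max-cache-ttl 86400;          // seconds; upper bound on cached TTLs
};

// Optional: the compiled-in hints are used if this zone is omitted.
zone "." {
    type hint;
    file "named.root";               // assumed hints file name
};

zone "internal.example" {            // placeholder internal zone
    type master;
    file "db.internal.example";      // assumed zone file name
    allow-query { "internal"; };     // external clients cannot query this zone
};
```

Running named-checkconf on the file reports syntax errors before named is reloaded.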




More information about the bind-users mailing list