Controlling the BIND cache (caching only authoritative responses)

Mark Andrews Mark_Andrews at
Wed May 23 21:28:54 UTC 2007

> Hello,
> Is it possible to instruct BIND to cache only replies from
> authoritative servers?

	It does/tries to provided it isn't configured to use a
	forwarder, with a caveat of having to accept glue.
> If not, how can an ISP prevent a bad user poisoning the cache for everyone
> else?
	That's the tricky part.  Working out what parts of a response
	to cache and when.  If everyone signed their zones then we
	could use cryptographic techniques to prevent cache poisioning.

> Thanks a lot, again.
> Ben

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at

More information about the bind-users mailing list