Controlling the BIND cache (caching only authoritative responses)
Mark_Andrews at isc.org
Wed May 23 21:28:54 UTC 2007
> Is it possible to instruct BIND to cache only replies from
> authoritative servers?
It does/tries to provided it isn't configured to use a
forwarder, with a caveat of having to accept glue.
> If not, how can an ISP prevent a bad user poisoning the cache for everyone
That's the tricky part. Working out what parts of a response
to cache and when. If everyone signed their zones then we
could use cryptographic techniques to prevent cache poisioning.
> Thanks a lot, again.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users