answers from cache- verification
kcd at chrysler.com
Thu Jun 19 05:21:22 UTC 2008

Alan Clegg wrote:
> Louis Luciano wrote:
>> Do you know the cleanest way to verify that repeated DNS requests to a
>> caching-only DNS 9.3.2 nameserver are truly being satisfied from cache?
> Watch for a decreasing TTL.

Well, _theoretically_ the TTL of the RRset on the master could be
changing over time, so declining TTL values is technically only a
_heuristic_ method of verifying that the answers are coming from cache.
I suppose one could intersperse SOA queries in between the probe queries
in order to confirm that the zone did not change, but how rigorous do we
want to be here? The better way, surely, is to see if there is any
"backend" query traffic between the putative caching resolver and the
authoritative server(s) for the zone.

On 9.4.x or higher, of course, another option presents itself: restrict
cache access via allow-query-cache, and thereby see if the queries fail.
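
The check discussed in this thread (a declining TTL, with SOA serials interspersed to rule out a zone change), as an added example that is not part of the original post: it classifies constructed dig-style answer lines, and it also requires the TTL drop to match elapsed time, which goes beyond what the post states. The sample lines, the function names and the `slack` parameter are assumptions.

```python
def parse_ttl(answer_line):
    """TTL from a dig answer line: NAME TTL CLASS TYPE RDATA..."""
    fields = answer_line.split()
    if len(fields) < 5 or not fields[1].isdigit():
        raise ValueError("not a dig answer line: %r" % answer_line)
    return int(fields[1])


def parse_soa_serial(soa_line):
    """Serial from: NAME TTL CLASS SOA MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM"""
    fields = soa_line.split()
    if len(fields) != 11 or fields[3].upper() != "SOA":
        raise ValueError("not a dig SOA line: %r" % soa_line)
    return int(fields[6])


def classify(samples, slack=1):
    """Return 'cache', 'refetched' or 'inconclusive' for a series of probes.

    samples: (seconds_since_start, answer_line, soa_line) tuples.
    slack: tolerated TTL rounding error in seconds (assumed value).
    """
    if len(samples) < 2:
        return "inconclusive"
    prev = None
    for t, answer_line, soa_line in samples:
        cur = (t, parse_ttl(answer_line), parse_soa_serial(soa_line))
        if prev is not None:
            if cur[2] != prev[2]:
                return "inconclusive"  # zone changed; TTLs are not comparable
            expected_ttl = prev[1] - (cur[0] - prev[0])
            if abs(cur[1] - expected_ttl) > slack:
                return "refetched"  # TTL did not count down with the clock
        prev = cur
    return "cache"


# Constructed sample data (example.com names, 192.0.2.x address, serials).
SOA_V1 = "example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2008061901 7200 3600 1209600 3600"
SOA_V2 = SOA_V1.replace("2008061901", "2008061902")
A = "www.example.com. %d IN A 192.0.2.10"
CACHED = [(0, A % 3600, SOA_V1), (5, A % 3595, SOA_V1), (12, A % 3588, SOA_V1)]
REFETCHED = [(0, A % 3600, SOA_V1), (5, A % 3600, SOA_V1)]
ZONE_CHANGED = [(0, A % 3600, SOA_V1), (5, A % 300, SOA_V2)]

if __name__ == "__main__":
    for name, series in [("cached", CACHED), ("refetched", REFETCHED), ("zone changed", ZONE_CHANGED)]:
        print(name, "->", classify(series))
```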