Additional records in A-Query

Kevin Darcy kcd at chrysler.com
Mon Apr 19 14:50:02 UTC 2010


On 4/18/2010 5:17 AM, Fabian Hahn wrote:
> To speed up queries for the user I need to force the inclusion of additional records in a DNS response.
>
>    I.e. when returning  www.domain.com A I would like to force the inclusion of A-records for static1.domain.com and static2.domain.com since they will be used in the same web-page.
>
>    
No, you can't convince BIND to include "unsolicited" A-records in a 
response, and even if you could, most resolvers would reject them 
anyway, as Barry pointed out. There are serious security problems with 
accepting A-records that weren't found through the regular iterative 
process. How can you trust that such A-records are legitimate?

Sledgehammer approach: run a "refreshing" script to periodically query 
those names so that you can keep your local cache populated with them. 
The frequency of that script should be tuned to the TTL of the relevant 
records. If your client usage patterns indicate low activity at certains 
times of day/week, then you might want to exclude those times from the 
running of the "refreshing" script, so as to reduce the 
network-bandwidth overhead.

                                                                         
                                                     - Kevin





More information about the bind-users mailing list