DNS-cache with custom gTLDs
Drunkard Zhang
gongfan193 at gmail.com
Wed Sep 21 11:33:29 UTC 2011
2011/9/20 Drunkard Zhang <gongfan193 at gmail.com>:
> I got 4 DNSs doing recursive resolution, which splited into 2 groups,
> and a couple of dns caches. Each group of recursion DNS using their
> own net link, which is different.
>
> Here's problem: I want a dns-cache to use one group of recursion DNS
> as their forwarders, and use another group as backup. ( I have to,
> because 2 groups of recursion DNS get different results, and sometimes
> one of them can't resolves, while another can. ) All solution I can
> find out is "forward first" to one group, and use all 2 groups as
> gTLDs, is this __safe__?
>
This is not working... I did some test, and if dns-cache got a
NXDomain response, it won't go any far. Is it intended? or I missed
something? I'm using 9.7.3-P3. Here's my configuration on dns-cache.
options {
directory "/var/";
pid-file "file-named.pid";
dump-file "file-dumpfile";
statistics-file "file-stat";
max-cache-size 3000M; # 3 GB
allow-query { any; };
max-ncache-ttl 600;
max-cache-ttl 86400;
recursive-clients 1000000;
tcp-clients 500000;
interface-interval 0;
cleaning-interval 3600;
recursion yes;
};
zone "." IN {
type hint;
file "named.cache";
};
zone "." {
type forward;
forward first;
forwarders {
211.161.192.1;
211.161.192.13;
};
};
Put forward section to option clause not working too.
> Is there any other solution I can hack?
>
>
> Another problem: there's a lot of resolution on dns-cache querying
> a.root-servers.net, is it safe that i hijack a.root-servers.net to my
> own DNS? If it's safe, I can cut down queries to a.root-servers.net by
> millions of times per hour.
>
> Look forwarding to your kind responses :-)
>
When I query a name, the dns-cache queries forwarders for gTLDs
instead of using local hint file, why? And the dns-cache does not
trust forwarder returned result when set "forward first", is it
possible to fake it?
More information about the bind-users
mailing list