invalidate cache on cache-only resolver?

Jim Reid jim at mpn.cp.philips.com
Mon Aug 9 17:23:07 UTC 1999


>>>>> "Frank" == Frank Cusack <fcusack at iconnet.net> writes:

    Frank> Is it possible to invalidate the cache for a zone on a cache-only
    Frank> resolver?

I presume you mean "name server", not "resolver". If so the answer is
yes: just restart the name server. That invalidates the cache for
sure. :-)

    Frank> On a resolver that is master or slave for a zone, I can run
    Frank> `ndc reload <zone>'. Anything like this for cache-only?

See above.

    Frank> Or, how about letting cache-only servers listen to NOTIFY messages and
    Frank> invalidate their cache based on receiving such a message? Yes, there
    Frank> are security (performance) implications, but something similar to
    Frank> how NOTIFY works with slaves could happen:

    Frank> -- master sends NOTIFY to cache-only
    Frank> -- cache-only sends notify-response to master
    Frank> -- cache-only requests soa record and checks serial
    Frank> -- if serial is newer, cache-only invalidates cache for that zone

And how do you propose to find all the name servers in the world that
might have cached or slaved old data for your zone(s)? This is
non-trivial. And what if my name server doesn't support your proposed
mechanism - there are bazillions of legacy name servers out there that
don't even support NOTIFY (sigh) - or if I don't want Random Users and
name servers playing with my name server's cache? Think also of the
fun and games on a name server at a very big ISP that could be getting
hundreds of your proposed notify-cum-invalidate-my-zone-data messages
from all over the place every second.

For a local environment, set up stealth name servers. These slave your
local zones, but aren't listed in the NS records. You can use the
also-notify clause in named.conf to see that these servers get NOTIFY
messages whenever your zones get updated. (=> fast convergence on all
your servers for the new zone data). This is the best you can do.
Hoping/wanting the ability to reconfigure someone else's name server
on the fly is more than a little unrealistic.
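
The stealth-slave arrangement described in the reply above, sketched as a pair of named.conf fragments. This is an added example, not part of the original post; it assumes BIND 9 syntax, and the zone name, file names and 192.0.2.x addresses are constructed placeholders.

```conf
// ---- named.conf on the master (constructed address 192.0.2.1) ----
zone "example.com" {
    type master;
    file "db.example.com";

    // NOTIFY goes to the servers named in the zone's NS records ...
    notify yes;
    // ... and also to the stealth slaves, which are NOT in the NS records.
    also-notify { 192.0.2.53; 192.0.2.54; };

    // Only the known slaves may pull the zone.
    allow-transfer { 192.0.2.53; 192.0.2.54; };
};

// ---- named.conf on a stealth slave (constructed address 192.0.2.53) ----
options {
    // The stealth slave doubles as the local caching server, so limit
    // recursion to local clients (constructed network).
    allow-recursion { 192.0.2.0/24; };
};

zone "example.com" {
    type slave;
    file "bak.example.com";

    // A slave acts on NOTIFY only when it comes from a listed master,
    // then checks the SOA serial and transfers the zone if it is newer.
    masters { 192.0.2.1; };
};
```

Local clients pointed at the stealth slaves see the new zone data as soon as the transfer completes; caches on servers outside your control still hold the old records until their TTLs expire.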

