Cached Information
Kevin Darcy
kcd at daimlerchrysler.com
Thu Dec 2 04:00:54 UTC 2004
David wrote:
>Using views, is there a way to allow access to cached information in
>one view and disallowing access to the cache in another view? Can I
>just set "fetch-glue no" in the disallowed view?
>
The cache isn't shared between views anyway; in terms of data storage,
each view should be conceptualized as being actually a different
nameserver. So, with that conceptualization in place, your question
becomes "can I have a nameserver that doesn't allow clients to see the
cache?", or, basically "can I have a nameserver that doesn't cache at
all?" The simple answer is "no", at least with BIND. What you _can_ do,
however, and many people do, is a) limit what gets into the cache in the
first place by limiting recursion (e.g. as an exterme case, with no
recursion at all, there is nothing in the cache, only authoritative
data), and/or b) limit query access by zone (e.g. have a global "deny"
which is then selectively overridden). I suppose you could also tune
your BIND instance to clean out its cache very aggressively, but that
would not be a 100% solution, and whether it is appropriate or not would
depend on whether your question was motivated more by security or by
performance/capacity concerns.
- Kevin
More information about the bind-users
mailing list