Cached Information

Kevin Darcy kcd at daimlerchrysler.com
Thu Dec 2 04:00:54 UTC 2004


David wrote:

>Using views, is there a way to allow access to cached information in
>one view and disallowing access to the cache in another view?  Can I
>just set "fetch-glue no" in the disallowed view?
>
The cache isn't shared between views anyway; in terms of data storage, 
each view should be conceptualized as being actually a different 
nameserver. So, with that conceptualization in place, your question 
becomes "can I have a nameserver that doesn't allow clients to see the 
cache?", or, basically "can I have a nameserver that doesn't cache at 
all?" The simple answer is "no", at least with BIND. What you _can_ do, 
however, and many people do, is a) limit what gets into the cache in the 
first place by limiting recursion (e.g. as an extreme case, with no 
recursion at all, there is nothing in the cache, only authoritative 
data), and/or b) limit query access by zone (e.g. have a global "deny" 
which is then selectively overridden). I suppose you could also tune 
your BIND instance to clean out its cache very aggressively, but that 
would not be a 100% solution, and whether it is appropriate or not would 
depend on whether your question was motivated more by security or by 
performance/capacity concerns.

                                                                         
                                                         - Kevin
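
The two measures described in the reply above, sketched as a named.conf fragment. This is an added example, not part of the original post; the ACL name, the 192.0.2.0/24 network, the zone name and the file paths are constructed placeholders.

```conf
// Constructed example: names, networks and file paths are placeholders.
acl "internal" { 192.0.2.0/24; };

// Views are matched in order, so the restrictive match comes first.
// Each view keeps its own cache; nothing cached here is visible elsewhere.
view "internal" {
    match-clients { "internal"; };
    recursion yes;                 // this view resolves and caches for its clients
    allow-query { "internal"; };

    zone "example.com" {
        type master;
        file "internal/example.com.zone";
    };
};

// Everyone else lands here.
view "external" {
    match-clients { any; };
    recursion no;                  // (a) no recursion, so only authoritative data is served
    allow-query { none; };         // (b) view-wide deny ...

    zone "example.com" {
        type master;
        file "external/example.com.zone";
        allow-query { any; };      // ... selectively overridden for this zone
    };
};
```

Running `named-checkconf` against the file catches syntax errors before the server is reloaded.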



