DNS caching server
Kevin Darcy
kcd at daimlerchrysler.com
Wed Oct 12 22:21:57 UTC 2005
raghavendra.sadaramachandra at wipro.com wrote:
>Hi All,
>
> I am using bind-9.2.5. It is working fine for internal domains.
>
> Now I want to configure it for caching server functionality. As I
>understand caching server means, if my DNS server does not contain
>information about some domain (that the client requested), then it
>forwards that request to the known DNS server on the internet. After
>getting info from some DNS server on internet, it saves this information
>in its database. So that next time some client requests for that domain
>instead of contacting the other DNS servers on the internet it searches
>in its own database and services the query.
>
>So please help me out in exploring this feature of BIND. I mean what all
>configurations I should do?
>
What you describe is the default behavior of named. All you probably
need is for recursion to be turned on (which is the default) and for a
hints zone (zone ".", type "hint") to be defined (actually, even that is
not strictly necessary, since there is a compiled-in version of the
hints file which is used if the root zone is not explicitly defined). I
say "probably" above, because it might be the case that your ISP limits
your DNS queries to its own servers. If you're stuck in that situation,
then you may need to configure their nameservers as forwarders for
yours, using "forwarders" and "forward only".

For security reasons, of course, you would only want internal clients to
be able to recurse. You can control recursion selectively using
"allow-recursion". You probably also want to prevent external clients
from querying your internal zones. You can control that via
"allow-query" (it's probably a good idea to do that, even if your
firewall is configured to prevent inbound queries, since firewalls can
get misconfigured).

Lastly, be aware that when you recurse queries, your cache will fill up
with entries, and this will cause the memory consumption, and in extreme
cases, maybe also the CPU usage, of your "named" process to fluctuate
much more than when you only serve authoritative data and don't recurse.
If this gets to be a problem, you may need to tune your cache size,
cache cleaning interval, maximum lifetime of cache entries, etc. But I'd
probably just watch it initially to see if such tuning is even necessary...
- Kevin
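
The settings named in the reply above, put together as a named.conf fragment. This is an added example, not part of the original message or of the BIND distribution. The ACL name, address ranges (10.0.0.0/8 and 192.168.0.0/16 for internal clients, 192.0.2.x for ISP resolvers), file names, the zone name "corp.example" and the tuning values are assumptions chosen for illustration.

```conf
// Caching, recursing named.conf fragment (added example; all names,
// addresses and values below are placeholders, not from the original post).

acl "internal" {
    127.0.0.1;
    10.0.0.0/8;          // assumed internal client range
    192.168.0.0/16;      // assumed internal client range
};

options {
    directory "/var/named";            // assumed working directory

    recursion yes;                     // already the default
    // With no allow-recursion statement, BIND 9.2 recurses for any
    // client that can reach it. Restrict it to internal clients:
    allow-recursion { "internal"; };

    // Default query ACL for every zone served here; kept even when a
    // firewall blocks inbound queries, in case the firewall is misconfigured.
    allow-query { "internal"; };

    // Only if the ISP limits DNS queries to its own servers:
    // forwarders { 192.0.2.1; 192.0.2.2; };   // placeholder addresses
    // forward only;

    // Cache tuning, left commented out until monitoring shows a need:
    // max-cache-size 64M;        // upper bound on cache memory
    // cleaning-interval 60;      // minutes between cache cleaning passes
    // max-cache-ttl 86400;       // seconds a positive answer may be cached
};

// Optional: the compiled-in hints are used if this zone is not defined.
zone "." {
    type hint;
    file "named.root";                 // assumed hints file name
};

// Example internal zone (hypothetical name) with its own query ACL.
zone "corp.example" {
    type master;
    file "corp.example.db";            // assumed zone file name
    allow-query { "internal"; };
};
```

Running `named-checkconf` against the file reports syntax errors before named is reloaded.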