Force Clients to *always* use authoritative
Bill Larson
wllarso at swcp.com
Tue Dec 19 01:28:41 UTC 2006
On Dec 18, 2006, at 4:12 PM, Karl R. Balsmeier wrote:
> Peter Dambier wrote:
>
>> Karl R. Balsmeier wrote:
>>
>>> Is there a specific way to set a name server so that clients are always
>>> *forced* to use an authoritative name server?
>>>
>>> UltraDNS and some others have mentioned little features they have, but
>>> it only hints at the possibility that somewhere in the DNS spec.
>>
>> Just switch off recursion on your server then they are forced to either
>> choose an open resolver or run their own nameserver as resolver.
>>
>> If they delete any forwarders from their /etc/named.conf then they do
>> query only authoritative nameservers starting with the rootservers and
>> rarely ever touch your nameserver most of the time.
>>
> well, basically we are trying to make sure that the clients do not use
> cached lookups...
>
> We were just advised:

Advised of what? By whom?

> If so you could use max-cache-ttl and max-ncache-ttl with a very
> low ttl like 1 second. Although then you still have a problem with
> the client itself caching the lookup.

If you are not going to provide cached DNS information to your users
why are you running a DNS server at all? I thought that this caching
was one of the reasons that you provided a DNS server for your
users. (This is ignoring running an authoritative DNS service for
your zones, and this should/could be set up to be non-recursive.)

I agree with Peter. If you don't want to provide any cached
information, just shut off recursion and force the systems that use
your server to configure their own DNS server.

Bill Larson
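
Added example, not part of the original message or of BIND: a way to confirm from the outside that recursion really is switched off, by reading the AA and RA bits in the header of a DNS response. The function names and the sample packets are constructed for illustration; only the 12-byte header layout is taken from the DNS wire format.

```python
import struct

# Header flag bits of the DNS wire format.
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080
REFUSED = 5  # RCODE a server may return when it declines a query


def build_query(name, qtype=1, txid=0x1234):
    """Encode a DNS query for `name` (qtype 1 = A) with the RD bit set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!6H", txid, RD, 1, 0, 0, 0)
    return header + qname + struct.pack("!2H", qtype, 1)  # class IN


def classify_response(packet):
    """Report how the server handled a query, from the 12-byte header alone."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, _an, _ns, _ar = struct.unpack("!6H", packet[:12])
    if not flags & QR:
        raise ValueError("packet is a query, not a response")
    if flags & RA:
        return "recursion-available"   # server will resolve and cache for clients
    if flags & AA:
        return "authoritative-only"    # answered from its own zone data
    if flags & 0x000F == REFUSED:
        return "refused"               # declined a name outside its zones
    return "non-authoritative-no-recursion"  # e.g. a referral


def fake_response(query, flags):
    """Constructed sample: reuse the query's ID and question, set response flags."""
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!6H", txid, QR | flags, 1, 0, 0, 0) + query[12:]


if __name__ == "__main__":
    q = build_query("www.example.com")
    samples = {
        "in-zone name, recursion off": fake_response(q, AA | RD),
        "any name, recursion on": fake_response(q, RD | RA),
        "out-of-zone name, recursion off": fake_response(q, RD | REFUSED),
    }
    for label, pkt in samples.items():
        print(f"{label}: {classify_response(pkt)}")
```

To use it against a live server, send the bytes from build_query() over UDP to port 53 and pass the reply to classify_response(); a server with recursion shut off should never produce "recursion-available".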