cache only servers

Kevin Darcy kcd at daimlerchrysler.com
Fri Jan 7 15:02:02 UTC 2000


jgomide at bancobrasil.com.br wrote:

> Hi
>
> I'm configuring some cache only servers in the lowest level of the DNS
> tree in my internal network. Can I specify in the cache (hint) file an
> upper domain, or it is useless and the DNS always goes to root server?

The hints file is intended to provide root server information. The root
servers should know about, or provide a useful referral for all of the
zones you intend to query iteratively (as opposed to forwarding), so
generally you wouldn't need to put any non-root information there anyway.
There are 3 reasons I can think of that you may want to give your
nameserver "special" knowledge about an internal zone mastered elsewhere
on your network:

1) for performance, to avoid the initial query and occasional re-queries
to the roots for referral information for the zone,

2) for redundancy, so that you can still resolve the zone even if you're
disconnected from the roots and/or authoritative servers for the zone, or

3) because you are forwarding by default to a server which is not
knowledgeable about the zone, most likely so that you can resolve
Internet names through a firewall.

For (1) or (3), define the zones as forward, slave or stub; for (2)
define the zones as slave. Note that all of these zone types require you
to configure a list of addresses for the forwarders/masters, and thus
incur a maintenance burden. If you want to be a slave, the master will
have to allow you to perform zone transfers, and if you want to forward,
the forwarder will need to have recursion enabled. Also, if you are
forwarding by default and define a zone as slave or stub, watch out for
subzones! You may need to add a "forwarders {}" statement to those zone
definitions to prevent queries for the subzones from being forwarded.

If you have a lot of internal domains to know about, and there are
internal root servers available which know about them, it is tempting to
try to mix a hints file with default forwarding. Unfortunately, this
doesn't work in the current BIND. There is a small patch to enable this,
but apparently ISC isn't interested in adopting it. Pity.


- Kevin
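
[Added example, not part of the original post or of BIND's documentation: a named.conf sketch of the zone types the reply describes, on a caching server that forwards by default, with the empty "forwarders {}" guard for subzones. Zone names, the 192.0.2.x addresses and file paths are assumptions chosen for illustration.]

```conf
// Constructed example: all names, addresses and paths are placeholders.

options {
    directory "/var/named";
    // Default forwarding (reason 3 in the reply): anything not matched by
    // a zone below goes to the resolver behind the firewall, which must
    // have recursion enabled for this host.
    forwarders { 192.0.2.53; };
    forward only;
};

// Reason 2 (redundancy): a full local copy of the zone. The master has
// to permit zone transfers to this host.
zone "corp.example" {
    type slave;
    masters { 192.0.2.10; 192.0.2.11; };
    file "slave/corp.example";
    // Without the empty list, queries for delegated subzones (for
    // example lab.corp.example) would be sent to the default forwarder
    // instead of following the delegation held in this zone.
    forwarders { };
};

// Reason 1 (performance): keep only the zone's NS data current, so no
// referral from the roots is needed.
zone "plant.example" {
    type stub;
    masters { 192.0.2.20; };
    file "stub/plant.example";
    forwarders { };   // same subzone guard as above
};

// Reason 1 or 3: hand one zone to a forwarder that knows about it.
zone "partner.example" {
    type forward;
    forward only;
    forwarders { 192.0.2.30; };
};
```

Every address in a masters or forwarders list above is the maintenance burden the reply mentions: each has to be updated by hand when the upstream servers move.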



