Cache only NS out of box

Kevin Darcy kcd at daimlerchrysler.com
Tue May 1 05:09:32 UTC 2001


If you don't have full connectivity to the Internet DNS, then you may have
to use forwarding. But if you are forwarding, you are *also* caching as
well -- the two are not mutually exclusive. Usually, though, what people
mean when they say "caching server" is "caching-only", i.e. using only the
hints file and referrals/caching to resolve queries (as opposed to
forwarding, stub'bing, being a slave, etc.).

What did your logs say when things weren't working? What if you try just
bouncing a few queries off the root servers and/or TLD servers? Can you
reach them from your machine? If not, then you're going to have big
problems trying to be a caching-only server.

BTW, if you're using forwarding to get around a connectivity problem, then
use "forward only" rather than "forward first". If you use "forward
first" and lose contact with your forwarders, your nameserver will go
catatonic with doomed attempts to try and contact the nameservers in its
hints file. Better that it just fail the queries once it realizes the
forwarders are unavailable.

Your supposition is correct about the authoritativeness of your responses
-- if you're using forwarding, then it's more likely that any given query
you make is coming from a cache than directly from an authoritative server,
therefore the responses will tend to be non-authoritative and have degraded
TTL values.


- Kevin

Adam Williams wrote:

> Hello all.
>
> I just installed Redhat Linux 7.1 and chose the server configuration. I
> also opted to install the DNS service. RedHat supplies a .rpm to enable
> a cache only server. It came with bind 9.1.0.
>
> It didn't work "out of the box". I added
>
> forward first;
> forwarders {
>         123.456.789.1;
>         etc...
> };
>
> to the options section of named.conf. I could then tell clients to use
> my server exclusively and then it would work.
>
> It _seems_ as though named is not using the named.ca hint file. While
> looking at the DNS_HOWTO (which covers bind8), I learned that the server
> should work without these forward additions. It didn't. Also, when I
> dig, I notice that I never get an authoritative answer for a first time
> query (I think all of my answers come from one of the servers in
> forwarders {}).
>
> Has anyone experienced this with bind9? I don't think I'm caching.
>
> Adam Williams
> RoleModel Software
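
The two setups discussed in this thread, caching-only and forwarding with "forward only", shown as one named.conf sketch. This is an added example, not configuration posted by either participant; the directory path and the forwarder addresses (documentation-range placeholders) are assumptions.

```conf
// named.conf sketch (added example; paths and addresses are assumptions)

options {
        directory "/var/named";         // assumed location of the zone files

        // Variant A, caching-only: leave both statements below commented out.
        // named then resolves by starting from the hints file and following
        // referrals, so it must be able to reach the root and TLD servers.

        // Variant B, forwarding because those servers are unreachable:
        // uncomment both statements. With "forward only", named fails a
        // query once the forwarders do not answer. With "forward first" it
        // would then also try the servers from the hints file, which cannot
        // be reached in this situation.
        // forward only;
        // forwarders {
        //         192.0.2.1;           // placeholder address
        //         192.0.2.2;           // placeholder address
        // };
};

// Root hints, used by variant A. named.ca is the hints file named in the thread.
zone "." {
        type hint;
        file "named.ca";
};
```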




