Caching name server setup problems

Chris Buxton cbuxton at menandmice.com
Tue Jul 15 17:51:01 UTC 2008


By default, recursion is on (which you want), and forwarding is off.  
If you set a nonempty forwarders list, the default is "forward first",  
as opposed to "forward only".

In any of these cases, if you ask it a question, it looks at your own  
authoritative data first. If that doesn't contain the answer, it looks  
at cached data. If that doesn't contain the answer, then it (depending  
on settings) performs recursion, forwards first, or just forwards.

Forward first: Send a recursive query upstream and wait a short time.  
If no answer is received, perform recursion directly. If the forwarded  
query is answered before recursion finishes, use that, otherwise  
complete recursion and use that answer.

Forward only: Send a recursive query upstream and wait for an answer.  
Do not perform recursion, ever.

In either of the above cases, with modern versions of BIND, multiple  
forwarders are queried according to the RTT algorithm - the fastest  
one is generally tried first.

Given that you're able to get recursion to complete in about 100 ms,  
you may not want to bother with forwarding. It just makes everything  
more brittle, and it makes you reliant on the security measures of  
your ISP.

To answer your other questions:

1. With redundant resolvers, there is no way to share a cache. (You  
could use forwarding between them, but this is not a good solution -  
it's ugly, and it ends up being counterproductive.)

2. Yes there is. Forward, either "first" (the default) or "only". You  
need to leave recursion on (the default); turning it off also turns  
off forwarding.

Chris Buxton
Professional Services
Men & Mice

On Jul 15, 2008, at 9:59 AM, Michael Varre wrote:

>>> I don't think you can turn on caching if you used BIND as recursive
>>> resolver
>>> :) So it most probably does cache the data. You can simply try
>>>
>>> dig +norecurse @yourserver <name>
>>>
>>> so BIND will only return local/cached data
>>> --
>>> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
>>> Warning: I wish NOT to receive e-mail advertising to this address.
>>> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>>> Depression is merely anger without enthusiasm.
>> [Michael P. Varre]
>>
>> Well I *think* I've got it working. Now
>>
>> I had "forward only;" and recursion turned off.  Not sure how the heck I
>> missed that.  I removed forward only (I of course only want to forward if
>> *I* don't have an answer)...and I would be either my cache or my locally
>> hosted internal zones.  And recursion to on...well duh I want to recurse if
>> I DON'T have the answer for other stuff.
>>
>> I then did dig msn.com = 112msec.  Then did dig msn.com again and got
>> 1msec.
>> From what I can tell so far I think it's working as planned.  Think I'm
>> missing something here?
>>
>>
>>
>
> [Michael P. Varre]
> Actually I did just think of two other questions directly related to this
> scenario.
>
> 1. In the spirit of redundancy, I'm setting up a primary and secondary
> in the scenario.  Is there any way to replicate or share that cached data
> between my two servers?  From what I am seeing the answer is no - and I'm
> fine with that as long as it's the actual answer.
>
> 2. I guess back to your original point about forwarding and
> recursing...I see that when I +trace my queries aren't actually being looked
> up by the forwarders I have set in bind...they are doing full recursive
> queries to the root servers, which I suppose actually makes perfect sense.
>
> When I turn recursion on, it doesn't use the forwarders I have set, when I
> turn it off and do a dig for an outside domain it says "dig: couldn't get
> address for 'H.ROOT-SERVERS.NET': not found" - or whichever other root
> server it tries at the time.
>
> Am I missing something here?  So if I want to run a caching server I can't
> use my ISP's upstream DNS server?  I have to actually do full recursion on
> first-time lookups?
>
> Thanks again!
>
>
>
>
>
>
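
As an added illustration (not part of the original message and not BIND's own code), the Python sketch below applies the rules from the reply above to a named.conf options block: recursion defaults to on, a nonempty forwarders list implies "forward first", and turning recursion off also turns off forwarding. The function names, mode labels and sample configurations are constructed for this example, and the parser is a simplification that reads only the global options statement with yes/no values.

```python
import re

def options_block(conf: str) -> str:
    """Return the body of the global options { ... } statement, comments removed."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    conf = re.sub(r"(#|//)[^\n]*", "", conf)
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:          # walk to the matching closing brace
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def effective_mode(conf: str) -> str:
    """How named handles a query that authoritative data and cache cannot answer."""
    opts = options_block(conf)
    rec = re.search(r"\brecursion\s+(yes|no)\s*;", opts)
    recursion = rec is None or rec.group(1) == "yes"      # default: recursion on
    fwd = re.search(r"\bforwarders\s*\{([^}]*)\}", opts)
    forwarders = [s.split()[0] for s in fwd.group(1).split(";") if s.strip()] if fwd else []
    pol = re.search(r"\bforward\s+(first|only)\s*;", opts)
    policy = pol.group(1) if pol else "first"             # default with forwarders set
    if not recursion:
        return "local-and-cached-only"     # recursion off also turns forwarding off
    if not forwarders:
        return "recursion"                 # empty list: forwarding is off
    return "forward-" + policy

# Constructed samples; 192.0.2.x are documentation addresses, not real forwarders.
BROKEN = """options {
    forwarders { 192.0.2.53; 192.0.2.54; };
    forward only;
    recursion no;   // the combination described in the quoted message
};"""
FIXED = """options {
    forwarders { 192.0.2.53; 192.0.2.54; };
    # "forward first" is implied; recursion defaults to yes
};"""
NO_FORWARDING = "options { directory \"/var/named\"; };"

if __name__ == "__main__":
    for name, conf in [("broken", BROKEN), ("fixed", FIXED), ("plain", NO_FORWARDING)]:
        print(name, "->", effective_mode(conf))
```
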


