Re: allow-query-cache and resolution time
LENA MATUSOVSKAYA, BLOOMBERG/ 731 LEXIN
lmatusovskay at bloomberg.net
Thu Jan 22 22:09:28 UTC 2009
My goal is for my authoritiative server to use its memory cache to reply to the queries its authoritiative for. However, it should not satisfy all other queries - NO to recursion ;) . Overall, I'm wondering what affect setting "allow-query-cache" to "none" has on the performance of authoritative name servers.
Thank you
----- Original Message -----
From: LENA MATUSOVSKAYA (BLOOMBERG/ 731 LEXIN)
To: BIND-USERS at lists.isc.org
At: 1/22 16:52:12
Thank you
Maybe I didn't word my question correctly.
allow-query-cache definitions states allow-query-cache "specifies which hosts are allowed to get answers from the cache." Which cache is it refering to? Could the cache also contain records which a master server is authoritative for? With allow-query-cache set to "none", does it mean a master dns host would forgo looking at its memory cache to serve records its authoritative for?
Thank you.
----- Original Message -----
From: Matthew Pounsett <matt at conundrum.com>
To: LENA MATUSOVSKAYA (BLOOMBERG/ 731 LEXIN)
Cc: BIND-USERS at lists.isc.org
At: 1/22 16:21:46
On 22-Jan-2009, at 16:00 , LENA MATUSOVSKAYA, BLOOMBERG/ 731 LEXIN
wrote:
> Hello,
>
> Thank you for answering my quesiton yesterday.
>
> I have a new question about allow-query-cache and its effect on a
> dns server' response resolution time.
>
> allow-query-cache "specifies which hosts are allowed to get answers
> from the cache". I'm assuming this is refering to the memory cache.
> If allow-query-cache is set to "none" in options/views statement
> does it mean that the DNS server's query response time would be less
> efficient/slower than with setting allow-query-cache to "any"?
> If the answer is allow-query-cache is leff efficient, is it possible
> to override the setting for some zones and how? allow-query-cache
> cannot be used within zone statements.
I'm going to assume you're talking about a recursive server and not an
authoritative server.
You generally do not want to restrict caching by zone, but rather by
query source. That is, you want the computers in your network to be
able to do recursion (and get responses from cache) for all zones, but
you do not want computers outside your network (outside of your
control) using your recursive server at all, because that makes you a
vector for denial of service against other people's networks.
Normally, the setting on a recursive server for allow-query-cache will
match your restrictions on recursion. That is, the same clients which
are allowed to send recursive queries are allowed to get answers from
cache.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/octet-stream
Size: 194 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20090122/1baaee9b/attachment.obj>
More information about the bind-users
mailing list