allow-query-cache and resolution time
Chris Thompson
cet1 at cam.ac.uk
Thu Jan 22 23:04:01 UTC 2009
On Jan 22 2009, LENA MATUSOVSKAYA, BLOOMBERG/ 731 LEXIN wrote:
>My goal is for my authoritative server to use its memory cache to
>reply to the queries it's authoritative for. However, it should not
>satisfy all other queries - NO to recursion ;) . Overall, I'm wondering
>what effect setting "allow-query-cache" to "none" has on the performance
>of authoritative name servers.
On performance? None at all, to a good approximation. It's more
a security issue.

If you set "recursion no", then no-one external can cause anything
to be fetched into the cache. However, BIND itself can still use it
for internal purposes. For example, it will look up the addresses
of hosts specified in NS records so that it can send NOTIFY packets
to them.

It's probably best if you don't let the outside world see the (small)
cache content thus populated. We use

    allow-query { any; };
    allow-query-cache { [local debugging interfaces only]; };
    recursion no;

for our authoritative-only nameservers. (Some individual zones then have
overrides on allow-query.)

I think a lot of your confusion is due to thinking that the cache
includes the authoritative zone data. It doesn't.

--
Chris Thompson
Email: cet1 at cam.ac.uk
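
Added example (not part of the original post, and not code from BIND or its authors): one way to check the settings above from outside your own server. It classifies the reply to a `dig +norecurse` query for a name outside your zones, such as the address of a secondary listed in your NS records; the names `ns.example.com` and `ns1.example.net` and the sample replies are constructed for illustration.

```shell
#!/bin/sh
# Classify a `dig +norecurse` reply read on stdin; prints one word:
#   refused        query declined (what allow-query-cache should give outsiders)
#   authoritative  answer with the aa flag: zone data, governed by allow-query
#   cache-visible  answer without aa: it came from the cache
#   other          no answer records, or some other status
# Live use (assumed names):
#   dig @ns.example.com ns1.example.net A +norecurse | classify_reply
classify_reply() {
    awk '
        /->>HEADER<<-/ && match($0, /status: [A-Z]+/) {
            status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags: */, "", flags)   # drop the label
            sub(/;.*/, "", flags)            # keep only the flag words
            aa = ((" " flags " ") ~ / aa /)
            if (match($0, /ANSWER: [0-9]+/))
                answers = substr($0, RSTART + 8, RLENGTH - 8) + 0
        }
        END {
            if (status == "REFUSED") print "refused"
            else if (status == "NOERROR" && answers > 0 && aa) print "authoritative"
            else if (status == "NOERROR" && answers > 0) print "cache-visible"
            else print "other"
        }'
}

# Constructed, abbreviated dig output (not captured from a real server).
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1001
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_CACHED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
ns1.example.net. 3600 IN A 192.0.2.53'
SAMPLE_AUTH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1003
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
www.example.com. 3600 IN A 192.0.2.80'

# Demo over the three constructed replies.
for reply in "$SAMPLE_REFUSED" "$SAMPLE_CACHED" "$SAMPLE_AUTH"; do
    printf '%s\n' "$reply" | classify_reply
done
```

A result of `cache-visible` for an out-of-zone name means outside clients can read the cache entries BIND populated for its own use.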