BIND Authoritative forwarding caching server

Post by dan » Sun, 06 Nov 2005 06:08:18


Hello.

Can BIND be set up to not have ANY zone files, and just be an
authoritative forwarder? So the real DNS server is on the internal
network and say 3 publicly facing DNS servers are just caching queries.
We can't use zone transfers/slave configurations.

I need a named.conf SOMETHING like this:

options {
    directory "/var/named";
    pid-file "named.pid";
    allow-query { any; };
    auth-nxdomain yes;
    forwarders { 10.0.0.10; };
    forward only;
};

Unfortunately, the auth-nxdomain flag doesn't do it.
I am not looking for a debate on the architecture - just wishing to
know if it is possible.
 
 
 


Post by Kevin Darc » Sun, 06 Nov 2005 07:40:37


If you're asking whether you can force the AA flag on for all queries in
a particular zone, without being configured as a master or slave for
that zone, the answer is no.

Moreover, most entities that would care about the setting of the AA flag
also send non-recursive queries, so even if you were to come up with
some hack to force AA on, you'd still have to deal with the fact that
resolvers don't recurse unless they are asked to do so.


- Kevin
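
Added example, not part of the original thread or of BIND: a Python sketch of the check described in the reply above, in which a client sends a non-recursive query (RD clear) and inspects the AA bit of the response header. The response bytes, the name example.com and the helper names are constructed for illustration.

```python
import struct

# Bit masks in the 16-bit DNS header flags word (RFC 1035, section 4.1.1).
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080

def build_query(qname, qtype=6, txid=0x1234, recurse=False):
    """Build a DNS query (qtype 6 = SOA); recurse=False leaves RD clear."""
    flags = RD if recurse else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(packet):
    """Decode the 12-byte DNS header; reject packets too short to hold one."""
    if len(packet) < 12:
        raise ValueError("DNS packet shorter than the 12-byte header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "tc": bool(flags & TC), "rd": bool(flags & RD),
            "ra": bool(flags & RA), "rcode": flags & 0x000F, "ancount": an}

def looks_authoritative(query, response):
    """True only for a matching response with AA set, NOERROR and an answer."""
    q, r = parse_header(query), parse_header(response)
    return (r["qr"] and r["id"] == q["id"] and r["aa"]
            and r["rcode"] == 0 and r["ancount"] > 0)

# Constructed sample data (headers only), not captured from a real server.
QUERY = build_query("example.com")                      # SOA query with RD=0
FROM_MASTER = struct.pack("!HHHHHH", 0x1234, QR | AA, 1, 1, 0, 0)
FROM_CACHE = struct.pack("!HHHHHH", 0x1234, QR | RA, 1, 1, 0, 0)  # cached, no AA

if __name__ == "__main__":
    for label, resp in (("master", FROM_MASTER), ("forwarding cache", FROM_CACHE)):
        print(label, "authoritative:", looks_authoritative(QUERY, resp))
```
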

 
 
 


Post by dan » Sun, 06 Nov 2005 08:13:34

I don't need to worry about recursion.
I am running BIND with DLZ - a database driven solution for thousands
of zones, which are continuously changing. It doesn't perform too well,
but the functionality gained from doing it this way is immense. Rather
than having many DNS servers, I was hoping to have some
caching/forwarding slaves that all forward to a couple of masters, so
that each slave won't need its own external database.
 
 
 


Post by Brad Knowl » Sun, 06 Nov 2005 08:52:43


BIND can serve data in one of two ways -- as an authoritative
server, or as a caching server. Either way, you've got some sort of
database that you're operating from.

Your caching resolvers are presumably going to serve data from a
lot of domains other than the ones that you own yourself. What's
wrong with having them cache the data from your own servers? If
there is a problem with caching the data from your own servers, then
why not set the TTLs really low?

--
Brad Knowles, < XXXX@XXXXX.COM >

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755

SAGE member since 1995. See < http://www.yqcomputer.com/ > for more info.
 
 
 


Post by Kevin Darc » Sun, 06 Nov 2005 09:15:43


Why would anything care whether the AA flag is set in the responses from
these "slaves"? I guess I don't understand your architecture...


- Kevin
 
 
 


Post by Dan Glas » Mon, 07 Nov 2005 03:25:21

Hello.

Actually, the caching nameserver will only be caching my own domain names.