Using BIND9 as a Caching Server, is there a way to set the expiration of the cached items/names?

bind caching

My BIND9 is currently running fine but is there a way to set the expiration time/date of the cached names? If so, how?

Thanks in advance guys


Each DNS record already contains a Time To Live (TTL) value that specifies the number of seconds it may be cached for, and the SOA record for the zone contains the TTL for negative results.

Whenever a result is forwarded from a DNS that is not the authoritative server for the zone, the TTL is reduced by the time that the result had been cached already.

For example, when I resolve google.de:

google.de.              300     IN      A       216.58.205.227

If I do it again ten seconds later:

google.de.              290     IN      A       216.58.205.227

The original TTL of the record was most likely 300, and my provider's DNS cached it after I first asked, and returned the cached result to me on the second iteration.

So, lifetime is tracked per record.

When you run your own DNS server, there are two ways for it to resolve names: using a forwarder, or doing a hierarchical lookup.

When you use a forwarder, your server simply queries another caching server, and will get a cached result with a shortened TTL if the other server already has a copy of that record. There is no way to tell the age of that cached entry, only when it is supposed to expire.

When you do recursive lookups yourself, you are pretty much guaranteed to get fresh results, at the expense of having to do a lookup for every path component on the way. If your link has a high round-trip time (GPRS or satellite link), it is likely that the original request from the application will time out before your server has had a chance to get the result.

In either case, you can limit the TTL for cached records on your server using the max-cache-ttl and max-ncache-ttl settings in BIND.

In a forwarder setup, this will not help much, because all it will do is make your server query the forwarder again, which will reply with the cached value if it is still valid.

In a recursive setup, this will shorten the time your server caches results — but all results on all levels. So after that timeout has elapsed, it will re-do the full recursive query.

Generally, DNS administrators take great care to set adequate TTLs on records, for example I will use 60 seconds on the records I use to find my home network, while my servers have a TTL of one day. When I plan to move a server, I will reduce its TTL to an hour on the day before, and to five minutes before I leave for the datacenter, so you will get reasonable TTLs from caches. Second-guessing me will only give you degraded performance as your DNS refreshes entries unnecessarily. If some records are often outdated, that is a configuration problem on the other person's end, not on your side.

tl;dr: you can, but you shouldn't.

Related

Capture2Text - Alternative (Capture text from Screen Directly) in Ubuntu Mate
Unable to upgrade zfsutils-linux on 20.04
Xubuntu desktop settings not showing wallpapers
How to import a Swift framework globally?
Can I have multiple GOPATH directories?
How to write the output to html file with Python BeautifulSoup
How to fix Invocation failed Unexpected Response from Server: Unauthorized in Android studio
Regex to match alphanumeric and spaces
Passing arguments by reference
How to create a delete link for a related object in Ruby on Rails?
What's the difference between String.matches and Matcher.matches?
Calculate the difference between two dates and get the value in years? [duplicate]