Using BIND9 as a Caching Server, is there a way to set the expiration of the cached items/names?
My BIND9 is currently running fine but is there a way to set the expiration time/date of the cached names? If so, how?
Thanks in advance guys
Each DNS record already contains a Time To Live (TTL) value that specifies the number of seconds it may be cached for, and the SOA record for the zone contains the TTL for negative results.
Whenever a result is forwarded from a DNS that is not the authoritative server for the zone, the TTL is reduced by the time that the result had been cached already.
For example, when I resolve google.de:
google.de. 300 IN A 216.58.205.227
If I do it again ten seconds later:
google.de. 290 IN A 216.58.205.227
The original TTL of the record was most likely 300, and my provider's DNS cached it after I first asked, and returned the cached result to me on the second iteration.
So, lifetime is tracked per record.
When you run your own DNS server, there are two ways for it to resolve names: using a forwarder, or doing a hierarchical lookup.
When you use a forwarder, your server simply queries another caching server, and will get a cached result with a shortened TTL if the other server already has a copy of that record. There is no way to tell the age of that cached entry, only when it is supposed to expire.
When you do recursive lookups yourself, you are pretty much guaranteed to get fresh results, at the expense of having to do a lookup for every path component on the way. If your link has a high round-trip time (GPRS or satellite link), it is likely that the original request from the application will time out before your server has had a chance to get the result.
In either case, you can limit the TTL for cached records on your server using the max-cache-ttl and max-ncache-ttl settings in BIND.
In a forwarder setup, this will not help much, because all it will do is make your server query the forwarder again, which will reply with the cached value if it is still valid.
In a recursive setup, this will shorten the time your server caches results — but all results on all levels. So after that timeout has elapsed, it will re-do the full recursive query.
Generally, DNS administrators take great care to set adequate TTLs on records; for example, I will use 60 seconds on the records I use to find my home network, while my servers have a TTL of one day. When I plan to move a server, I will reduce its TTL to an hour on the day before, and to five minutes before I leave for the datacenter, so you will get reasonable TTLs from caches. Second-guessing me will only give you degraded performance as your DNS refreshes entries unnecessarily. If some records are often outdated, that is a configuration problem on the other person's end, not on your side.
tl;dr: you can, but you shouldn't.
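The forwarder-versus-recursive argument in the answer above, as an added simulation that is not part of the original post and not BIND code: a tiny caching resolver model where each cache counts TTLs down and an optional cap plays the role of max-cache-ttl. The zone name, address and TTL are constructed sample values; the `Authoritative`, `Cache` and `run` names are this example's own.

```python
from dataclasses import dataclass

# Constructed sample zone data for the simulation, not a real DNS lookup.
ZONE = {"www.example.net.": ("192.0.2.10", 300)}


class Authoritative:
    """Stands in for the zone's authoritative server: always answers with the full TTL."""
    def __init__(self):
        self.queries = 0

    def query(self, name, now):
        self.queries += 1
        return ZONE[name]


@dataclass
class Entry:
    rdata: str
    ttl: int          # TTL this cache stored (possibly capped by max-cache-ttl)
    inserted_at: int  # second at which the entry was stored

    def remaining(self, now):
        # A cache counts the TTL down for as long as the entry sits in it.
        return max(0, self.ttl - (now - self.inserted_at))


class Cache:
    """A caching resolver; max_cache_ttl mirrors the effect of BIND's max-cache-ttl."""
    def __init__(self, upstream, max_cache_ttl=None):
        self.upstream, self.max_cache_ttl = upstream, max_cache_ttl
        self.entries, self.upstream_queries = {}, 0

    def query(self, name, now):
        entry = self.entries.get(name)
        if entry and entry.remaining(now) > 0:
            return entry.rdata, entry.remaining(now)   # cache hit: shortened TTL
        self.upstream_queries += 1
        rdata, ttl = self.upstream.query(name, now)
        if self.max_cache_ttl is not None:
            ttl = min(ttl, self.max_cache_ttl)          # the cap only shortens our copy
        self.entries[name] = Entry(rdata, ttl, now)
        return rdata, ttl


def run(forwarder_setup, max_cache_ttl=60, times=(0, 70, 140)):
    """Resolve one name at several instants; returns (TTLs seen, our upstream queries, authority queries)."""
    auth = Authoritative()
    # Forwarder setup: our server asks the provider's cache, which asks the authority.
    # Recursive setup: our server asks the authority itself.
    upstream = Cache(auth) if forwarder_setup else auth
    ours = Cache(upstream, max_cache_ttl)
    ttls = [ours.query("www.example.net.", t)[1] for t in times]
    return ttls, ours.upstream_queries, auth.queries
```

With the cap, the forwarder setup re-asks the provider at every expiry but the authority is only ever asked once, while the recursive setup really does re-fetch; without the cap, the TTL simply counts down as in the google.de output above.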