
Re: DNS & cache

Sergejs Svitnevs
Honored Contributor

DNS & cache

I want to increase the performance of my DNS server by caching negative answers. I have modified my named.conf file with the "max-ncache-ttl 10800;" option and reloaded the new config.
When I try to resolve a host with a valid SOA using nslookup and the name server replies with NXDOMAIN, named caches it. But there are lots of domains (especially reverse domains) that aren't
configured correctly. If nslookup replies with "connection timed out; no servers could be reached", the cache is empty. Is it possible to cache hosts if they don't have valid SOA records?

Thanks,
Sergejs
Sergejs Svitnevs
Honored Contributor

Re: DNS & cache

I hope somebody may have an answer for my problems...
Michael Knaup
Advisor

Re: DNS & cache

Hi Sergej,

you're right. Just valid answers like NXDOMAIN can be cached for negative caching.

Answers like SERVFAIL aren't cached. I don't think there is a way to get those messages cached.

Cheers,

Michael
Paul R. Dittrich
Esteemed Contributor

Re: DNS & cache

Quoting directly from Albitz & Liu, 4th edition, page 453:

"If you're running a BIND 8 or 9 name server and other resolvers and servers seem to ignore your server's cached negative responses, auth-nxdomain is probably off."

"auth-nxdomain is an options statement that tells a BIND 8 or 9 name server to flag cached negative responses as authoritative, even though they're not. That is, if your name server has cached the fact that titanic.movie.edu does not exist from the authoritative movie.edu name servers, auth-nxdomain tells your server to pass along that cached response to resolvers and servers that query it as though it were the authoritative name server for movie.edu."

Try turning on the d2 option to nslookup so you get the full debug output and can see exactly what is happening.

HTH,
Paul
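A way to verify both points above from the command line, as an added example that is not part of the thread: it compares the SOA TTL in the authority section of two consecutive dig replies (a cached negative answer comes back with a smaller TTL, while a SERVFAIL or timeout carries no SOA at all, so there is nothing for named to cache) and reports whether the aa flag is set, which is what auth-nxdomain controls. The resolver address, the query name and the sample replies are assumptions, not values from the thread.

```shell
# Added example, not from the thread: tell whether a resolver served a negative
# answer from cache by comparing the SOA TTL of two consecutive dig replies, and
# show whether the reply carried the aa flag (auth-nxdomain).

# Reduce one dig output (stdin) to "RCODE SOA_TTL aa|noaa"; "-" when no SOA.
summarize_dig() {
    awk '
        /^;; ->>HEADER<<-/ { rc = $0; sub(/.*status: /, "", rc); sub(/,.*/, "", rc) }
        /^;; flags:/ { aa = ($0 ~ / aa[ ;]/) ? "aa" : "noaa" }
        /^;; AUTHORITY SECTION:/ { in_auth = 1; next }
        /^$/ { in_auth = 0 }
        in_auth && $4 == "SOA" { ttl = $2 }
        END { printf "%s %s %s\n", (rc == "" ? "NOANSWER" : rc),
                     (ttl == "" ? "-" : ttl), (aa == "" ? "noaa" : aa) }
    '
}
# Classify two summaries taken a second or more apart: a cached negative answer
# comes back with a smaller TTL than the first (uncached) one.
negative_cache_status() {
    set -- $1 $2   # word-split: rcode1 ttl1 aa1 rcode2 ttl2 aa2
    case "$1" in
        NXDOMAIN|NOERROR)
            if [ "$2" != "-" ] && [ "$5" != "-" ] && [ "$5" -lt "$2" ]; then
                echo "cached"
            else
                echo "not-cached"
            fi ;;
        *) echo "not-cacheable" ;;   # SERVFAIL, REFUSED or timeout: no SOA to cache
    esac
}
# Live check; assumed usage: check_negative_cache 127.0.0.1 nonexistent.example.
check_negative_cache() {
    first=$(dig @"$1" "$2" A +noall +comments +authority +tries=1 +time=3 | summarize_dig)
    sleep 2
    second=$(dig @"$1" "$2" A +noall +comments +authority +tries=1 +time=3 | summarize_dig)
    negative_cache_status "$first" "$second"
}
# Constructed sample replies (not captured from a real server), for offline use.
SAMPLE_FIRST=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
movie.edu. 10800 IN SOA ns.movie.edu. hostmaster.movie.edu. 1 3600 900 604800 10800'
SAMPLE_SECOND=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
movie.edu. 10792 IN SOA ns.movie.edu. hostmaster.movie.edu. 1 3600 900 604800 10800'
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'
```

Running the live function twice against the same name should move the status from "not-cached" to "cached"; a name whose reverse zone is broken stays "not-cacheable" no matter how max-ncache-ttl is set.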