Operating System - HP-UX
David Barkman
Occasional Advisor

How not to cache a DNS lookup

Hello

Is it possible to make a client or a server not cache the results of an nslookup?

I am using name resolution to contact a server that for security reasons, changes its IP address about every 15-30 seconds. So on a regular basis, I can't connect, I assume because I'm using incorrect cache.

My client is an R390 running HP-UX 11.0. I'm not sure what the server is, but I could set up DNS on the client and have it just use itself for resolution, but would still need it not to cache lookups for this one site.

Thanks in advance for any help!
Mark Grant
Honored Contributor

Re: How not to cache a DNS lookup

Is it DNS or arp that's the problem here? You'd probably want to delete the arp entries.

I'm really interested to know what useful connection you can make to a machine that changes its IP address every 15-30 seconds though.
Never precede any demonstration with anything more predictive than "watch this"
doug mielke
Respected Contributor

Re: How not to cache a DNS lookup

I'd love to hear more about this.

Our systems take about 2 minutes for an IP address change to propagate through the switches, and 10 or 15 minutes for a DNS change to be seen throughout the building. More time still for the WAN to catch up.

If you do decide to clear the ARP table, and not just an entry, be prepared for the short flood and delay on a big net when everyone sends out new arp requests.
David Barkman
Occasional Advisor

Re: How not to cache a DNS lookup

Thanks for the replies so far.

We are connecting a commerce server to a credit card processor, so the connections rarely last more than a second.

Looking closer, I found the cc processor rolls its IP between three IPs every 15, 30, 45, or 60 seconds, which IP it uses and how long it will use it for is completely random.

The only way they will let us connect is through name resolution, but as before, if we cache that IP, it may not work in the near future.

We are also calling the cc processor to see if they know how to set up our DNS to not cache their address. But if anyone knows a way, please respond.

Thanks again!
A. Clay Stephenson
Acclaimed Contributor
Solution

Re: How not to cache a DNS lookup

I assume that you are using BIND9; if you ain't you should be and the best place to get it is from www.isc.org since they develop and maintain it. I always download the source and compile/link it and 9.2.0 works very well on 11.0.

If you want to completely disable caching in the named.conf file options section:

options {
recursion no;
};

but I doubt you want to do that. The better answer would be to instruct all DNS queries about a particular zone (e.g. "creditcard.abc") to be directed to a particular forwarder and not attempt to do any local resolution.

zone "creditcard.abc" {
type forward;
forwarders { 65.165.23.17; };
forward only;
};

This will have the effect of forwarding all requests concerning "xxx.creditcard.abc" to 65.165.23.17. The syntax also allows for non-default ports for that DNS server.

If it ain't broke, I can fix that.
U.SivaKumar_2
Honored Contributor

Re: How not to cache a DNS lookup

Hi,

I beg to differ. Disabling recursion in a caching-only DNS server (in a forwarding setup) will disable the name resolving ability of the caching server.

I would suggest to use max-cache-ttl option in named.conf.

For example, in the options section of named.conf put

options {
max-cache-ttl 5;
};

will expire the cached entries after 5 seconds and perform a fresh recursive lookup.

regards,

U.SivaKumar.

Innovations are made when conventions are broken
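Putting the two BIND 9 suggestions above together, as an added named.conf fragment that is not from the thread. Two points worth being precise about: `recursion no;` stops named from resolving names on behalf of its clients, it does not flush or disable the cache; and answers obtained through a forward zone are cached exactly like any other answer, so a forward-only zone on its own does nothing about staleness. What bounds staleness is `max-cache-ttl` (in seconds), which caps how long any record is kept regardless of the TTL the authoritative server sent. The zone name and forwarder address are the placeholders used in Clay's post; the 5-second cap is an assumption.

```conf
// Added example, not from the thread. Zone name and forwarder address are
// the placeholders from the post above; the TTL caps are assumptions.
options {
    directory "/var/named";
    recursion yes;          // leave recursion on, or this server resolves nothing
    max-cache-ttl 5;        // keep no positive answer longer than 5 seconds
    max-ncache-ttl 5;       // same cap for negative (NXDOMAIN/NODATA) answers
};

// Queries under the processor's domain go straight to their server.
// Answers are still cached, but only for at most max-cache-ttl seconds.
zone "creditcard.abc" {
    type forward;
    forward only;
    forwarders { 65.165.23.17; };       // non-default port: 65.165.23.17 port 5353;
};
```

The cap only helps if the application asks the resolver again for every connection; a process that resolves once at start-up and reuses the address will still hand stale IPs to connect() no matter what named does.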
rick jones
Honored Contributor

Re: How not to cache a DNS lookup

Does the CC company give any particularly compelling reason for rotating the IPs? On the surface, it sounds rather bogus. Are they trying to do load balancing or something?

In addition to all the discussion of how to get a caching DNS server to not cache replies, you have to consider client application behaviour. While the HP-UX name resolver library will not cache replies (IIRC), you have to make sure that your client application makes a fresh gethostbyname/getaddrinfo (preferred to gethostbyname so you can start getting ready for IPv6...) call before each attempt to connect().

If the client code is run from scratch on each request then that will happen naturally.
there is no rest for the wicked yet the virtuous have no pillows
A. Clay Stephenson
Acclaimed Contributor

Re: How not to cache a DNS lookup

After thinking about this more, it sounds as though the credit card company is using a "round-robin" pool of IP addresses for the same hostname. This is a fairly common method of distributing services among a number of servers. When I first read your posting, it seemed that a given IP address would only be valid for 15 seconds or so but typically those DNS servers which hand out round robin IP addresses expect ANY of the IP addresses so returned to be valid with no restrictions. The idea is that client A gets one IP address, client B gets another, and client C gets still another until the circular list rolls over. --- but all three should be able to use the same IP address. You really need to find out if this really matters.
If it ain't broke, I can fix that.
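Rick Jones's point (resolve afresh before every connect()) and Clay's follow-up (the name may map to a pool of addresses, any of which may be usable) lead to the same client-side design, shown here as an added C example that is not code from the thread. Each transaction calls getaddrinfo() again and then walks every address the resolver returned, so if one address in the pool has just been retired the next one is tried instead of failing the sale. It assumes a POSIX system with getaddrinfo(); the local loopback listener exists only so the self-test can run without a network, and the default host and port in main() are placeholders.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Resolve host:port right now (nothing is cached in the application) and copy
 * the textual addresses the resolver returned, in its order, into addrs[].
 * flags goes into hints.ai_flags; AI_NUMERICHOST lets the self-test stay
 * offline. Returns the number of addresses, or -1 if resolution failed. */
int resolve_all(const char *host, const char *port, int flags,
                char addrs[][INET6_ADDRSTRLEN], int max)
{
    struct addrinfo hints, *res, *ai;
    int n = 0;

    memset(&hints, 0, sizeof hints);
    hints.ai_family   = AF_UNSPEC;      /* IPv4 or IPv6 */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags    = flags;
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL && n < max; ai = ai->ai_next) {
        const void *src = (ai->ai_family == AF_INET)
            ? (const void *)&((struct sockaddr_in *)ai->ai_addr)->sin_addr
            : (const void *)&((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr;
        if (inet_ntop(ai->ai_family, src, addrs[n], INET6_ADDRSTRLEN) != NULL)
            n++;
    }
    freeaddrinfo(res);
    return n;
}

/* One transaction's connect: resolve afresh, then try every returned address
 * until one accepts. Returns a connected socket, or -1 when resolution fails
 * or no address in the pool accepts. */
int connect_fresh(const char *host, const char *port)
{
    struct addrinfo hints, *res, *ai;
    int fd = -1;

    memset(&hints, 0, sizeof hints);
    hints.ai_family   = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0)
            continue;
        if (connect(fd, ai->ai_addr, ai->ai_addrlen) == 0)
            break;                      /* this address answers: use it */
        close(fd);                      /* stale or down: try the next one */
        fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}

/* Self-test helper (assumption, not part of a real client): listen on
 * 127.0.0.1 at an ephemeral port. Stores the listening socket in *lfd and
 * returns the port number, or -1 on failure. */
int local_listener(int *lfd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family      = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port        = 0;             /* kernel picks a free port */
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);
        return -1;
    }
    *lfd = fd;
    return ntohs(sa.sin_port);
}

int main(int argc, char **argv)
{
    /* Usage: ./fresh host port   (placeholder defaults below) */
    const char *host = argc > 1 ? argv[1] : "localhost";
    const char *port = argc > 2 ? argv[2] : "443";
    char addrs[8][INET6_ADDRSTRLEN];
    int i, n, fd;

    for (i = 0; i < 3; i++) {           /* three transactions, three lookups */
        n = resolve_all(host, port, 0, addrs, 8);
        printf("lookup %d: %d address(es)\n", i + 1, n);
        fd = connect_fresh(host, port);
        printf("  connect: %s\n", fd >= 0 ? "ok" : "failed");
        if (fd >= 0)
            close(fd);
    }
    return 0;
}
```

Because the address list is rebuilt on every call, a DNS cap such as BIND's max-cache-ttl actually takes effect at the application; a long-lived process that resolved once at start-up would keep using the first address forever, whatever the name server does.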