Do not cache certain domains

Do not cache certain domains

Ben Lavender
Hi,

Without having to alter the TTL of the existing RRs as well as the
default TTL. I know this can be done using cache-max-ttl to limit the
whole cache, but can this be done for say one single or multiple defined
domains only?

Thanks

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

Re: Do not cache certain domains

Ben Lavender
Anyone think they may know the answer to this?

Thanks

Ben

On 07/09/2020 23:00, Ben Lavender wrote:
> Hi,
>
> Without having to alter the TTL of the existing RRs as well as the
> default TTL. I know this can be done using cache-max-ttl to limit the
> whole cache, but can this be done for say one single or multiple
> defined domains only?
>
> Thanks
>

Re: Do not cache certain domains

Bind-Users forum mailing list
On Thu, 2020-09-10 at 15:35 +0100, Ben Lavender wrote:
> Anyone think they may know the answer to this?

With the cooperation of the "certain domains" master servers, just slave
the zones. The masters should be configured to send you notify messages
on zone changes, so you always have the current authoritative contents.

Of course, if you are trying to avoid caching google.com, that won't
work.



Re: Do not cache certain domains

Bind-Users forum mailing list
On Mon, Sep 7, 2020 at 6:01 PM Ben Lavender <[hidden email]> wrote:
> Without having to alter the TTL of the existing RRs as well as the
> default TTL. I know this can be done using cache-max-ttl to limit the
> whole cache, but can this be done for say one single or multiple defined
> domains only?

AFAIK there's no specially designed way to handle this, so achieving it will
basically mean cobbling some parts together.

max-cache-ttl is usable in a view statement, and each view by default gets its
own cache.

With the caveat that this might not be the best way and I haven't actually
tested it, I'd try this. Set up a view that bound a listener to an interface
alias on your host, and inside that view clamp down max-cache-ttl however you
like. Back in your main configuration set up the zone(s) to forward to that
private listener.

I think even on the first hit, the TTL that your main resolver sees will be
the one that got clamped in the view resolver, but I'm not positive about that.

You will also get double the number of cache entries for each lookup, of course.
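
A named.conf sketch of the two-view layout suggested in the message above, added here as an example; it is not from any poster in the thread and is untested. Since `listen-on` is an `options`-level statement, the view is selected with `match-destinations` on the private address. The address 127.0.0.2, the client-facing address 192.0.2.53, the zone name `volatile.example`, the view names and the 30-second limits are all assumptions.

```conf
// Added example, not from the thread. All addresses, names and TTL
// values below are assumptions chosen for illustration.
options {
    directory "/var/named";
    // 127.0.0.2 is the private listener (an interface alias may be
    // needed on systems that do not answer on all of 127.0.0.0/8).
    listen-on { 127.0.0.1; 192.0.2.53; 127.0.0.2; };
};

// Views are evaluated in order, so the clamped view comes first.
// It only answers queries that arrive on the private address and
// that originate from this host.
view "short-ttl" {
    match-clients      { localhost; };
    match-destinations { 127.0.0.2; };
    recursion yes;
    max-cache-ttl  30;   // positive answers cached for at most 30 s
    max-ncache-ttl 30;   // negative answers cached for at most 30 s
};

// Everything else lands here and keeps the normal cache limits.
// Once views are used, every zone must live inside a view.
view "main" {
    match-clients { any; };
    recursion yes;

    // Only this domain is sent through the clamped view's cache.
    zone "volatile.example" {
        type forward;
        forward only;
        forwarders { 127.0.0.2; };
    };
};
```

Running `named-checkconf` against the file validates the syntax, and repeated `dig` queries against the main listener show whether the TTL handed to clients actually stays at or below the clamp.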

Re: Do not cache certain domains

Ben Lavender
Thanks, yes the second is actually the aim. We don't have secondaries
since we use ADDS and BIND simply acts as a recursive service for the
other internal domains.

On 10/09/2020 16:01, Carl Byington wrote:

> On Thu, 2020-09-10 at 15:35 +0100, Ben Lavender wrote:
>> Anyone think they may know the answer to this?
> With the cooperation of the "certain domains" master servers, just slave
> the zones. The masters should be configured to send you notify messages
> on zone changes, so you always have the current authoritative contents.
>
> Of course, if you are trying to avoid caching google.com, that won't
> work.