Reduce bind9 cache on a forwarded zone only
I have a caching recursive DNS server running bind9. For a single local zone, I have a forwarder set up with `type forward` and `forward only`, which works fine. I want to limit any caching of the forwarded zone to 5 seconds (both positive and negative responses). The server I am forwarding to is local, cannot be fiddled with, and sadly has less than helpful values for cache TTL etc. for records it generates dynamically (in essence it's making an assumption that it is the caching resolver for everything).
I would use `max-cache-ttl` and `max-ncache-ttl` save that as far as I can tell `max-cache-ttl` and `max-ncache-ttl` only apply globally, or to a view.
Here's my configuration:
```
zone "example.local." {
    type forward;
    forward only;
    // max-cache-ttl 5; <--- does not work here
    // max-ncache-ttl 5; <--- does not work here
    forwarders {
        192.200.1.10; // on same LAN
    };
};
```
Ideally I don't want to turn caching off entirely but that would be an option if it's the only thing I can do.
Any ideas?
bind9
asked Jul 24 '15 at 11:11
abligh
1 Answer
I don't believe there's an easy way of doing it through configuration only. This question on Server Fault discusses the pros and cons and has a suggestion that involves patching the BIND source (but that patch won't allow you to do it for a single zone only).
An alternative approach would be to transfer the zone from the server you're forwarding to, modify the TTLs and then have your local BIND configured as authoritative for that zone. Yes, it's a hack but it's easily scriptable and it will work.
If you're not tied to BIND, what you want is possible with Unbound - see the `cache-max-ttl` option:
> Time to live maximum for RRsets and messages in the cache. Default is
> 86400 seconds (1 day). If the maximum kicks in, responses to clients
> still get decrementing TTLs based on the original (larger) values.
> When the internal TTL expires, the cache item has expired. Can be set
> lower to force the resolver to query for data often, and not trust
> (very large) TTL values.
edited Apr 13 '17 at 12:13
Community♦
answered Jul 24 '15 at 11:41
mjturner
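
The zone-transfer approach from the answer above, sketched as an added example (not code from the answer or from BIND): it takes `dig AXFR` text, caps every TTL and the SOA MINIMUM field at 5 seconds, and emits a zone file for a local authoritative zone. It assumes the server at 192.200.1.10 permits AXFR to this host; the function name `clamp_axfr` and the sample records are constructed for illustration.

```python
# Constructed sample of `dig AXFR` output (tab-separated, SOA first and last).
SAMPLE_AXFR = """\
; constructed sample: dig @192.200.1.10 example.local. AXFR
example.local.\t\t86400\tIN\tSOA\tns.example.local. admin.example.local. 2015072401 3600 600 604800 3600
example.local.\t\t86400\tIN\tNS\tns.example.local.
ns.example.local.\t86400\tIN\tA\t192.200.1.10
host1.example.local.\t3\tIN\tA\t192.200.1.21
note.example.local.\t600\tIN\tTXT\t"dynamic record; generated"
example.local.\t\t86400\tIN\tSOA\tns.example.local. admin.example.local. 2015072401 3600 600 604800 3600
;; XFR size: 6 records
"""


def clamp_axfr(axfr_text, max_ttl=5):
    """Return zone-file text with every TTL and the SOA MINIMUM capped at max_ttl."""
    out, seen_soa = [], False
    for line in axfr_text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # dig banner, statistics comments and blank lines
        fields = line.split(None, 4)  # rdata stays intact, spaces included
        if len(fields) < 5 or not fields[1].isdigit():
            raise ValueError(f"unexpected record line: {line!r}")
        name, ttl, rclass, rtype, rdata = fields
        if rtype == "SOA":
            if seen_soa:
                continue  # AXFR repeats the SOA as an end marker; keep only one
            seen_soa = True
            soa = rdata.split()
            if len(soa) != 7:
                raise ValueError(f"malformed SOA rdata: {rdata!r}")
            # Negative answers are cached for min(SOA TTL, SOA MINIMUM)
            # (RFC 2308), so the last SOA field has to be capped as well.
            soa[6] = str(min(int(soa[6]), max_ttl))
            rdata = " ".join(soa)
        out.append(f"{name}\t{min(int(ttl), max_ttl)}\t{rclass}\t{rtype}\t{rdata}")
    if not seen_soa:
        # Refuse to overwrite a good zone file with an empty or refused transfer.
        raise ValueError("no SOA record: transfer failed or was refused")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(clamp_axfr(SAMPLE_AXFR), end="")
```

Records change only when the transfer is re-run and the zone reloaded, so the re-run interval, not the 5-second TTL, bounds staleness on the local server.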