BIND (forwarder+cached) – serve cached if forwarder fails

binddomain-name-system

I want to configure BIND as DNS forwarder and utilize caching too.

How can I configure it to serve cached results (even if beyond TTL) if forwarder fails?

This questions was already asked here but there was no answer posted – How to make BIND return old cached enties if all forwarders are failed?

Reason I need to do this, I have very bad ISP (and don't have better alternative available in my area). Often, all DNS lookup requests fails, I tried many free dns providers, they all fail during that period. Internet connectivity is not down, only DNS queries fails.

That's the reason behind my requirement, so when that happens, I can still continue doing my work, with cached DNS results (obviously which already exists in cache).

Best Answer

Using expired data is a really strong "must not" in the standards, so it would surprise me greatly if it's possible to get BIND to do that at all. You may want to look into alternative resolvers more closely aimed at personal use, or (since it sounds like your ISP intermittently blocks traffic to port 53) try getting a VPN tunnel and have your BIND use that.

Related Solutions

DNS – Why Aren’t DNS Records Propagating on the Internet?

Yes, you are misunderstanding how DNS works. I'm going to use some emphasis here, but please don't be offended as none is intended.

DNS RECORDS ARE NOT PROPAGATED. THEY ARE CACHED.

That being said, here's a simplified explanation of what happens:

You create a new DNS record (A, CNAME, etc)
A remote user (more specifically a process\application launched by the user) tries to access a service accessed via that DNS record (a web browser trying to access the web site running on funny.example.com for instance)
The users DNS client sends a DNS query to it's DNS server, the DNS server then finds your name servers (usually through a series of recursive DNS queries) and asks them for the information regarding funny.example.com
Your name servers respond with the answers
The users DNS server then sends this information to the user (more specifically to the users DNS client resolver), which in turn returns the information to the process\application. This information comes with what is called a TTL (Time To Live) that tells the DNS client resolver how long this information may be kept in it's DNS cache (in memory) and how long the information can be considered current and accurate
The user's DNS client resolver then flushes this information when the TTL expires. Any new requests for the DNS record(s) in question requires a new DNS lookup and the above process repeats.

So the long and short of it is this:

Your DNS records do not propagate. No other DNS server has a copy of your DNS records or zones. A DNS client or server may cache information about your DNS records or zones (based on their DNS queries of your DNS records and zones) into their DNS cache. This information is temporarily cached and will be removed from their DNS cache when the TTL expires.

If your name servers are down, only those DNS clients that have any of your DNS records in their cache will be able to resolve those DNS records and only until the TTL expires. Also, when the TTL expires (neccessitating a new DNS lokkup) those DNS clients will no longer be able to resolve your DNS records.

BIND – How to Open Debug Logging on Ubuntu

How to see what's going on:

To view what the server is doing live, if you have rndc configured run rndc trace x (where x is the debugging level you want to view).
To view what the server is doing live without rndc you'll have to run the server in foreground mode named -g -d x (where x is again is the debug level).
To configure logging to a file, open named.conf and edit/add a logging section such as:
```
logging {
        channel default_file {
                file "/var/log/named.log" size 10m;
                severity info;
                print-time yes;
                print-severity yes;
                print-category yes;
        };
        category default{ default_file; };
};
```
Note that this configures the logging for "info" level and higher. This dumps quite a bit of information for a live server. Possible values include "extra", "debug", "info", "error", "fatal", and "dynamic" (a value for -d must be provided on the command line for dynamic).

What's wrong with your server:

Your server is looping back to itself while trying to recursively resolve the domain. Since this is only happening for one domain that you know if, it's likely a problem in your hosts file or in your named.conf file (probably the latter).

Getting request failed: duplicate query is almost always a problem with a forwarders directive that loops back to the server or something similar.

Best Answer

Related Solutions

DNS – Why Aren’t DNS Records Propagating on the Internet?

BIND – How to Open Debug Logging on Ubuntu

Related Topic