I am working on an application that will be used to verify new domains are configured correctly as they're set up for hosting. Part of this checks the validity of SPF, DomainKey, DKIM records, etc.
I currently use a default TTL of one hour for most of these records. Occasionally a mistake is found in one of the records so it needs to be updated. Currently, if I've just tested the domain I have to wait for the system's resolver's cached record to expire before I can verify it is correct with my application. (Yes, I can check manually but I wrote the application so I don't have to).
I would like to set up a DNS server on the system to act as a normal caching resolver except that it will expire records in a maximum of a set time such as five minutes or just not cache at all. Not all of the domains have DNS hosted on my normal name servers so this system would have to query the authoritative name servers for a domain rather that use upstream resolvers (which would just use their cached records).
This machine is not currently running DNS of any kind so I can install BIND or djbdns (or something else if there's a good suggestion.
Best Answer
Thank you all for your input and suggestions. They directed me to the following solution:
/etc/bind/named.conf.options
so that the forwarders are blank (so the server doesn't use another caching server's cached records).max-cache-ttl
andmax-ncache-ttl
options to 300 seconds. (reference)listen-on-v6 { any; };
tolisten-on-v6 { localhost; };
so the server isn't used by other systems. (reference)/etc/resolv.conf
to only includenameserver 127.0.0.1
so apps on the server use the new local server.I restarted bind9 and verified it's working:
TTLs are showing as 300 even though serverfault.com's record's published TTLs are 3600.