How to allow bind to cache lookup queries

bindnamed-conf

I am using bind-9.3.6-4 in my CentOS 5. How can I allow bind to cache lookup queries so that
if there are similar queries it should check from my cache instead doing a lookup from the DNS servers mentioned in the "forwarders"?

Best Answer

An out of the box bind install via yum should be a caching.

There are three kinds of name servers - caching, resolving, and authoritative. Bind acts as all three out of the box, but you'll need to tell it what you want it to be authoritative for. You can use dig to query the server - the answer will have a decrementing counter in it that shows how long it will be before the cache expires. This is the TTL of the record and it should show the time left in the cache.

Here is sample output for a simple dig for google .com against a local name server.

$ dig google.com

; <<>> DiG 9.7.3 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53888
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             291     IN      A       173.194.33.20
google.com.             291     IN      A       173.194.33.16
google.com.             291     IN      A       173.194.33.18
google.com.             291     IN      A       173.194.33.17
google.com.             291     IN      A       173.194.33.19

;; Query time: 32 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Nov 29 14:54:02 2011
;; MSG SIZE  rcvd: 108

The 291 shows that this server has 291 seconds left to go before it resolves again, showing that the SERVER in the bottom lines will give out the same answer until google.com has expired from the cache.

I think a look at the dig documentation would do you well - it will allow you to ask an appropriate followup question.

Related Solutions

BIND – How to Open Debug Logging on Ubuntu

How to see what's going on:

To view what the server is doing live, if you have rndc configured run rndc trace x (where x is the debugging level you want to view).
To view what the server is doing live without rndc you'll have to run the server in foreground mode named -g -d x (where x is again is the debug level).
To configure logging to a file, open named.conf and edit/add a logging section such as:
```
logging {
        channel default_file {
                file "/var/log/named.log" size 10m;
                severity info;
                print-time yes;
                print-severity yes;
                print-category yes;
        };
        category default{ default_file; };
};
```
Note that this configures the logging for "info" level and higher. This dumps quite a bit of information for a live server. Possible values include "extra", "debug", "info", "error", "fatal", and "dynamic" (a value for -d must be provided on the command line for dynamic).

What's wrong with your server:

Your server is looping back to itself while trying to recursively resolve the domain. Since this is only happening for one domain that you know if, it's likely a problem in your hosts file or in your named.conf file (probably the latter).

Getting request failed: duplicate query is almost always a problem with a forwarders directive that loops back to the server or something similar.

Tell BIND to not forward for domains used by DNS block list services

Try configuring zones for your blacklists, and configure them not to forward. Something like this should work. You will need one of these for each blacklist zone.

zone "blacklist.example.com" {
    type static-stub;
    recursion yes;
};

You will also need to setup the root zone so recursion will work. You likely already have done this.

Best Answer

Related Solutions

BIND – How to Open Debug Logging on Ubuntu

Tell BIND to not forward for domains used by DNS block list services

Related Topic