Re: Do not cache certain domains
Thanks, yes the second is actually the aim. We don't have secondaries since we use ADDS and BIND simply acts as a recursive service for the other internal domains. On 10/09/2020 16:01, Carl Byington wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2020-09-10 at 15:35 +0100, Ben Lavender wrote: Anyone think they may know the answer to this? With the cooperation of the "certain domains" master servers, just slave the zones. The masters should be configured to send you notify messages on zone changes, so you always have the current authoritative contents. Of course, if you are trying to avoid caching google.com, that won't work. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX1o/ehUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFijgCeP/0k4923K9ha21b8SfFardvTYJYA njg5U3NImciTSJEZn1eMzsgtNuAY =4J6o -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Do not cache certain domains
On Mon, Sep 7, 2020 at 6:01 PM Ben Lavender wrote: > Without having to alter the TTL of the existing RRs as well as the > default TTL. I know this can be done using cache-max-ttl to limit the > whole cache, but can this be done for say one single or multiple defined > domains only? AFAIK there's no specially designed way to handle this, so achieving it will basically mean cobbling some parts together. max-cache-ttl is usable in a view statement, and each view by default gets its own cache. With the caveat that this might not be the best way and I haven't actually tested it, I'd try this. Set up a view that bound a listener to an interface alias on your host, and inside that view clamp down max-cache-ttl however you like. Back in your main configuration set up the zone(s) to forward to that private listener. I think even on the first hit, the TTL that your main resolver sees will be the one that got clamped in the view resolver, but I'm not positive about that. You will also get double the number of cache entries for each lookup, of course. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Do not cache certain domains
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2020-09-10 at 15:35 +0100, Ben Lavender wrote: > Anyone think they may know the answer to this? With the cooperation of the "certain domains" master servers, just slave the zones. The masters should be configured to send you notify messages on zone changes, so you always have the current authoritative contents. Of course, if you are trying to avoid caching google.com, that won't work. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX1o/ehUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFijgCeP/0k4923K9ha21b8SfFardvTYJYA njg5U3NImciTSJEZn1eMzsgtNuAY =4J6o -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Do not cache certain domains
Anyone think they may know the answer to this? Thanks Ben On 07/09/2020 23:00, Ben Lavender wrote: Hi, Without having to alter the TTL of the existing RRs as well as the default TTL. I know this can be done using cache-max-ttl to limit the whole cache, but can this be done for say one single or multiple defined domains only? Thanks ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users