Using BIND9 as a Caching Server, is there a way to set the expiration of the cached items/names?
My BIND9 is currently running fine but is there a way to set the expiration time/date of the cached names? If so, how?
Thanks in advance guys
bind caching
add a comment |
My BIND9 is currently running fine but is there a way to set the expiration time/date of the cached names? If so, how?
Thanks in advance guys
bind caching
add a comment |
My BIND9 is currently running fine but is there a way to set the expiration time/date of the cached names? If so, how?
Thanks in advance guys
bind caching
My BIND9 is currently running fine but is there a way to set the expiration time/date of the cached names? If so, how?
Thanks in advance guys
bind caching
bind caching
asked Feb 18 '14 at 16:21
Abel Melquiades CallejoAbel Melquiades Callejo
5151617
5151617
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
The expiration time is known as the "TTL" or time to live. You set this variable in you configuration file, typically /etc/bind/db.local
or whatever config file you are using.
TTL is in seconds, so set it to a lower value, 60x60 = 3600 for an hour for examlpe
sudo -e /etc/bind/db.local
Set the ttl:
$TTL 3600
and restart bind.
For additional information see:
How do I do a complete BIND9 DNS Server Configuration with a hostname?
and
https://help.ubuntu.com/10.04/serverguide/dns-configuration.html
I'm just using bind as a caching server only. And the only config file I edited was/etc/bind/named.conf.options
. The tutorial that I followed was this link. Can I just put the line$TTL 3600
in/etc/bind/named.conf.options
? I really appreciate your help man
– Abel Melquiades Callejo
Feb 18 '14 at 16:52
I believe so, is there already a line defining TTL ? If so, then yes.
– Panther
Feb 18 '14 at 17:01
add a comment |
Each DNS record already contains a Time To Live (TTL) value that specifies the number of seconds it may be cached for, and the SOA
record for the zone contains the TTL for negative results.
Whenever a result is forwarded from a DNS that is not the authoritative server for the zone, the TTL is reduced by the time that the result had been cached already.
For example, when I resolve google.de
:
google.de. 300 IN A 216.58.205.227
If I do it again ten seconds later:
google.de. 290 IN A 216.58.205.227
The original TTL of the record was most likely 300, and my provider's DNS cached it after I first asked, and returned the cached result to me on the second iteration.
So, lifetime is tracked per record.
When you run your own DNS server, there are two ways for it to resolve names: using a forwarder, or doing a hierarchical lookup.
When you use a forwarder, your server simply queries another caching server, and will get a cached result with a shortened TTL if the other server already has a copy of that record. There is no way to tell the age of that cached entry, only when it is supposed to expire.
When you do recursive lookups yourself, you are pretty much guaranteed to get fresh results, at the expense of having to do a lookup for every path component on the way. If your link has a high round-trip time (GPRS or satellite link), it is likely that the original request from the application will time out before your server has had a chance to get the result.
In either case, you can limit the TTL for cached records on your server using the max-cache-ttl
and max-ncache-ttl
settings in BIND.
In a forwarder setup, this will not help much, because all it will do is make your server query the forwarder again, which will reply with the cached value if it is still valid.
In a recursive setup, this will shorten the time your server caches results — but all results on all levels. So after that timeout has elapsed, it will re-do the full recursive query.
Generally, DNS administrators take great care to set adequate TTLs on records, for example I will use 60 seconds on the records I use to find my home network, while my servers have a TTL of one day. When I plan to move a server, I will reduce its TTL to an hour on the day before, and to five minutes before I leave for the datacenter, so you will get reasonable TTLs from caches. Second-guessing me will only give you degraded performance as your DNS refreshes entries unnecessarily. If some records are often outdated, that is a configuration problem on the other person's end, not on your side.
tl;dr: you can, but you shouldn't.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f422675%2fusing-bind9-as-a-caching-server-is-there-a-way-to-set-the-expiration-of-the-cac%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
The expiration time is known as the "TTL" or time to live. You set this variable in you configuration file, typically /etc/bind/db.local
or whatever config file you are using.
TTL is in seconds, so set it to a lower value, 60x60 = 3600 for an hour for examlpe
sudo -e /etc/bind/db.local
Set the ttl:
$TTL 3600
and restart bind.
For additional information see:
How do I do a complete BIND9 DNS Server Configuration with a hostname?
and
https://help.ubuntu.com/10.04/serverguide/dns-configuration.html
I'm just using bind as a caching server only. And the only config file I edited was/etc/bind/named.conf.options
. The tutorial that I followed was this link. Can I just put the line$TTL 3600
in/etc/bind/named.conf.options
? I really appreciate your help man
– Abel Melquiades Callejo
Feb 18 '14 at 16:52
I believe so, is there already a line defining TTL ? If so, then yes.
– Panther
Feb 18 '14 at 17:01
add a comment |
The expiration time is known as the "TTL" or time to live. You set this variable in you configuration file, typically /etc/bind/db.local
or whatever config file you are using.
TTL is in seconds, so set it to a lower value, 60x60 = 3600 for an hour for examlpe
sudo -e /etc/bind/db.local
Set the ttl:
$TTL 3600
and restart bind.
For additional information see:
How do I do a complete BIND9 DNS Server Configuration with a hostname?
and
https://help.ubuntu.com/10.04/serverguide/dns-configuration.html
I'm just using bind as a caching server only. And the only config file I edited was/etc/bind/named.conf.options
. The tutorial that I followed was this link. Can I just put the line$TTL 3600
in/etc/bind/named.conf.options
? I really appreciate your help man
– Abel Melquiades Callejo
Feb 18 '14 at 16:52
I believe so, is there already a line defining TTL ? If so, then yes.
– Panther
Feb 18 '14 at 17:01
add a comment |
The expiration time is known as the "TTL" or time to live. You set this variable in you configuration file, typically /etc/bind/db.local
or whatever config file you are using.
TTL is in seconds, so set it to a lower value, 60x60 = 3600 for an hour for examlpe
sudo -e /etc/bind/db.local
Set the ttl:
$TTL 3600
and restart bind.
For additional information see:
How do I do a complete BIND9 DNS Server Configuration with a hostname?
and
https://help.ubuntu.com/10.04/serverguide/dns-configuration.html
The expiration time is known as the "TTL" or time to live. You set this variable in you configuration file, typically /etc/bind/db.local
or whatever config file you are using.
TTL is in seconds, so set it to a lower value, 60x60 = 3600 for an hour for examlpe
sudo -e /etc/bind/db.local
Set the ttl:
$TTL 3600
and restart bind.
For additional information see:
How do I do a complete BIND9 DNS Server Configuration with a hostname?
and
https://help.ubuntu.com/10.04/serverguide/dns-configuration.html
edited Apr 13 '17 at 12:24
Community♦
1
1
answered Feb 18 '14 at 16:41
PantherPanther
79.6k14158259
79.6k14158259
I'm just using bind as a caching server only. And the only config file I edited was/etc/bind/named.conf.options
. The tutorial that I followed was this link. Can I just put the line$TTL 3600
in/etc/bind/named.conf.options
? I really appreciate your help man
– Abel Melquiades Callejo
Feb 18 '14 at 16:52
I believe so, is there already a line defining TTL ? If so, then yes.
– Panther
Feb 18 '14 at 17:01
add a comment |
I'm just using bind as a caching server only. And the only config file I edited was/etc/bind/named.conf.options
. The tutorial that I followed was this link. Can I just put the line$TTL 3600
in/etc/bind/named.conf.options
? I really appreciate your help man
– Abel Melquiades Callejo
Feb 18 '14 at 16:52
I believe so, is there already a line defining TTL ? If so, then yes.
– Panther
Feb 18 '14 at 17:01
I'm just using bind as a caching server only. And the only config file I edited was
/etc/bind/named.conf.options
. The tutorial that I followed was this link. Can I just put the line $TTL 3600
in /etc/bind/named.conf.options
? I really appreciate your help man– Abel Melquiades Callejo
Feb 18 '14 at 16:52
I'm just using bind as a caching server only. And the only config file I edited was
/etc/bind/named.conf.options
. The tutorial that I followed was this link. Can I just put the line $TTL 3600
in /etc/bind/named.conf.options
? I really appreciate your help man– Abel Melquiades Callejo
Feb 18 '14 at 16:52
I believe so, is there already a line defining TTL ? If so, then yes.
– Panther
Feb 18 '14 at 17:01
I believe so, is there already a line defining TTL ? If so, then yes.
– Panther
Feb 18 '14 at 17:01
add a comment |
Each DNS record already contains a Time To Live (TTL) value that specifies the number of seconds it may be cached for, and the SOA
record for the zone contains the TTL for negative results.
Whenever a result is forwarded from a DNS that is not the authoritative server for the zone, the TTL is reduced by the time that the result had been cached already.
For example, when I resolve google.de
:
google.de. 300 IN A 216.58.205.227
If I do it again ten seconds later:
google.de. 290 IN A 216.58.205.227
The original TTL of the record was most likely 300, and my provider's DNS cached it after I first asked, and returned the cached result to me on the second iteration.
So, lifetime is tracked per record.
When you run your own DNS server, there are two ways for it to resolve names: using a forwarder, or doing a hierarchical lookup.
When you use a forwarder, your server simply queries another caching server, and will get a cached result with a shortened TTL if the other server already has a copy of that record. There is no way to tell the age of that cached entry, only when it is supposed to expire.
When you do recursive lookups yourself, you are pretty much guaranteed to get fresh results, at the expense of having to do a lookup for every path component on the way. If your link has a high round-trip time (GPRS or satellite link), it is likely that the original request from the application will time out before your server has had a chance to get the result.
In either case, you can limit the TTL for cached records on your server using the max-cache-ttl
and max-ncache-ttl
settings in BIND.
In a forwarder setup, this will not help much, because all it will do is make your server query the forwarder again, which will reply with the cached value if it is still valid.
In a recursive setup, this will shorten the time your server caches results — but all results on all levels. So after that timeout has elapsed, it will re-do the full recursive query.
Generally, DNS administrators take great care to set adequate TTLs on records, for example I will use 60 seconds on the records I use to find my home network, while my servers have a TTL of one day. When I plan to move a server, I will reduce its TTL to an hour on the day before, and to five minutes before I leave for the datacenter, so you will get reasonable TTLs from caches. Second-guessing me will only give you degraded performance as your DNS refreshes entries unnecessarily. If some records are often outdated, that is a configuration problem on the other person's end, not on your side.
tl;dr: you can, but you shouldn't.
add a comment |
Each DNS record already contains a Time To Live (TTL) value that specifies the number of seconds it may be cached for, and the SOA
record for the zone contains the TTL for negative results.
Whenever a result is forwarded from a DNS that is not the authoritative server for the zone, the TTL is reduced by the time that the result had been cached already.
For example, when I resolve google.de
:
google.de. 300 IN A 216.58.205.227
If I do it again ten seconds later:
google.de. 290 IN A 216.58.205.227
The original TTL of the record was most likely 300, and my provider's DNS cached it after I first asked, and returned the cached result to me on the second iteration.
So, lifetime is tracked per record.
When you run your own DNS server, there are two ways for it to resolve names: using a forwarder, or doing a hierarchical lookup.
When you use a forwarder, your server simply queries another caching server, and will get a cached result with a shortened TTL if the other server already has a copy of that record. There is no way to tell the age of that cached entry, only when it is supposed to expire.
When you do recursive lookups yourself, you are pretty much guaranteed to get fresh results, at the expense of having to do a lookup for every path component on the way. If your link has a high round-trip time (GPRS or satellite link), it is likely that the original request from the application will time out before your server has had a chance to get the result.
In either case, you can limit the TTL for cached records on your server using the max-cache-ttl
and max-ncache-ttl
settings in BIND.
In a forwarder setup, this will not help much, because all it will do is make your server query the forwarder again, which will reply with the cached value if it is still valid.
In a recursive setup, this will shorten the time your server caches results — but all results on all levels. So after that timeout has elapsed, it will re-do the full recursive query.
Generally, DNS administrators take great care to set adequate TTLs on records, for example I will use 60 seconds on the records I use to find my home network, while my servers have a TTL of one day. When I plan to move a server, I will reduce its TTL to an hour on the day before, and to five minutes before I leave for the datacenter, so you will get reasonable TTLs from caches. Second-guessing me will only give you degraded performance as your DNS refreshes entries unnecessarily. If some records are often outdated, that is a configuration problem on the other person's end, not on your side.
tl;dr: you can, but you shouldn't.
add a comment |
Each DNS record already contains a Time To Live (TTL) value that specifies the number of seconds it may be cached for, and the SOA
record for the zone contains the TTL for negative results.
Whenever a result is forwarded from a DNS that is not the authoritative server for the zone, the TTL is reduced by the time that the result had been cached already.
For example, when I resolve google.de
:
google.de. 300 IN A 216.58.205.227
If I do it again ten seconds later:
google.de. 290 IN A 216.58.205.227
The original TTL of the record was most likely 300, and my provider's DNS cached it after I first asked, and returned the cached result to me on the second iteration.
So, lifetime is tracked per record.
When you run your own DNS server, there are two ways for it to resolve names: using a forwarder, or doing a hierarchical lookup.
When you use a forwarder, your server simply queries another caching server, and will get a cached result with a shortened TTL if the other server already has a copy of that record. There is no way to tell the age of that cached entry, only when it is supposed to expire.
When you do recursive lookups yourself, you are pretty much guaranteed to get fresh results, at the expense of having to do a lookup for every path component on the way. If your link has a high round-trip time (GPRS or satellite link), it is likely that the original request from the application will time out before your server has had a chance to get the result.
In either case, you can limit the TTL for cached records on your server using the max-cache-ttl
and max-ncache-ttl
settings in BIND.
In a forwarder setup, this will not help much, because all it will do is make your server query the forwarder again, which will reply with the cached value if it is still valid.
In a recursive setup, this will shorten the time your server caches results — but all results on all levels. So after that timeout has elapsed, it will re-do the full recursive query.
Generally, DNS administrators take great care to set adequate TTLs on records, for example I will use 60 seconds on the records I use to find my home network, while my servers have a TTL of one day. When I plan to move a server, I will reduce its TTL to an hour on the day before, and to five minutes before I leave for the datacenter, so you will get reasonable TTLs from caches. Second-guessing me will only give you degraded performance as your DNS refreshes entries unnecessarily. If some records are often outdated, that is a configuration problem on the other person's end, not on your side.
tl;dr: you can, but you shouldn't.
Each DNS record already contains a Time To Live (TTL) value that specifies the number of seconds it may be cached for, and the SOA
record for the zone contains the TTL for negative results.
Whenever a result is forwarded from a DNS that is not the authoritative server for the zone, the TTL is reduced by the time that the result had been cached already.
For example, when I resolve google.de
:
google.de. 300 IN A 216.58.205.227
If I do it again ten seconds later:
google.de. 290 IN A 216.58.205.227
The original TTL of the record was most likely 300, and my provider's DNS cached it after I first asked, and returned the cached result to me on the second iteration.
So, lifetime is tracked per record.
When you run your own DNS server, there are two ways for it to resolve names: using a forwarder, or doing a hierarchical lookup.
When you use a forwarder, your server simply queries another caching server, and will get a cached result with a shortened TTL if the other server already has a copy of that record. There is no way to tell the age of that cached entry, only when it is supposed to expire.
When you do recursive lookups yourself, you are pretty much guaranteed to get fresh results, at the expense of having to do a lookup for every path component on the way. If your link has a high round-trip time (GPRS or satellite link), it is likely that the original request from the application will time out before your server has had a chance to get the result.
In either case, you can limit the TTL for cached records on your server using the max-cache-ttl
and max-ncache-ttl
settings in BIND.
In a forwarder setup, this will not help much, because all it will do is make your server query the forwarder again, which will reply with the cached value if it is still valid.
In a recursive setup, this will shorten the time your server caches results — but all results on all levels. So after that timeout has elapsed, it will re-do the full recursive query.
Generally, DNS administrators take great care to set adequate TTLs on records, for example I will use 60 seconds on the records I use to find my home network, while my servers have a TTL of one day. When I plan to move a server, I will reduce its TTL to an hour on the day before, and to five minutes before I leave for the datacenter, so you will get reasonable TTLs from caches. Second-guessing me will only give you degraded performance as your DNS refreshes entries unnecessarily. If some records are often outdated, that is a configuration problem on the other person's end, not on your side.
tl;dr: you can, but you shouldn't.
answered Jan 25 at 12:47
Simon RichterSimon Richter
1,976119
1,976119
add a comment |
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f422675%2fusing-bind9-as-a-caching-server-is-there-a-way-to-set-the-expiration-of-the-cac%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown