On Jan 22 2009, LENA MATUSOVSKAYA, BLOOMBERG/ 731 LEXIN wrote:
My goal is for my authoritiative server to use its memory cache to
reply to the queries its authoritiative for. However, it should not
satisfy all other queries - NO to recursion ;) . Overall, I'm wondering
what affect setting "allow-query-cache" to "none" has on the performance
of authoritative name servers.
On performance? None at all, to a good approximation. It's more
a security issue.
If you set "recursion no", then no-one external can cause anything
to be fetched into the cache. However, BIND itself can still use it
for internal purposes. For example, it will look up the addresses
of hosts specified in NS records so that it can send NOTIFY packets
to them.
It's probably best if you don't let the outside world see the (small)
cache content thus populated. We use
allow-query { any; };
allow-query-cache { [local debugging interfaces only]; };
recursion no;
for our authoritative-only nameservers. (Some individual zones then have
overrides on allow-query.)
I think a lot of your confusion is due to thinking that the cache
includes the authoritative zone data. It doesn't.
--
Chris Thompson
Email: c...@cam.ac.uk
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
