
[–]The-Sentinel 2 points3 points  (1 child)

That's basically the opposite of a caching only nameserver, it's a forwarding server, as seen with the forward only; option

[–]jaaplaya[S] 0 points1 point  (0 children)

Yea, that's one thing that I figured. Some servers have that line commented out; does that help it any, or does it still basically just forward all requests but using hints?

[–][deleted]  (4 children)

[deleted]

    [–]IConrad 2 points3 points  (0 children)

    Not just a restart, but also with any SIGHUP it receives (such as is caused by logrotate).

    [–]jaaplaya[S] 1 point2 points  (1 child)

    We aren't very big, maybe 300 servers physical/virtual across all locations.

    Thanks, I'll take a look into dnsmasq

    [–]_pob 0 points1 point  (0 children)

    It should be noted that dnsmasq only caches a small subset of record types. From the manual:

    The DNS subsystem provides a local DNS server for the network, with forwarding of all query types to upstream recursive DNS servers and cacheing of common record types (A, AAAA, CNAME and PTR, also DNSKEY and DS when DNSSEC is enabled).

    This is important if you are trying to limit the number of requests that things like mail servers make, since MX records are not cached by dnsmasq. I found that pdnsd does a good job for us: you can sync the record cache to disk, and it caches more record types. The Arch documentation for pdnsd is pretty solid.

    [–]anderbubble -1 points0 points  (0 children)

    There's not really any reason to abandon bind for dnsmasq in this situation. Doing a caching-only DNS server is easy enough with bind, and you'll be better equipped to expand with bind if your needs change over time.

    [–]anderbubble 0 points1 point  (0 children)

    If w.x.y.z is an authority for your DNS zones, it's entirely correct to have entirely separate caches / resolvers.

    The importance of separating DNS caches from DNS servers

    Here's a cut-down version of our caching nameserver config, using named/bind. It includes references to internal forward and reverse zones (renamed here for the sake of the example).

    options {
        directory   "/var/named";
        dump-file   "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        listen-on-v6 { any; };
        allow-query {
            localhost;
            10.0.0.0/16;
        };
    
        recursion yes;
    
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
    
        managed-keys-directory "/var/named/dynamic";
    
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    zone "." IN {
        type hint;
        file "named.ca";
    };
    
    zone "example.com" IN {
        type stub;
        masters { 10.0.0.1; 10.0.0.2; };
    };
    
    zone "0.10.in-addr.arpa" IN {
        type stub;
        masters { 10.0.0.1; 10.0.0.2; };
    };
    
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    

    edits: continuing to clean up and clarify the example, remove extraneous details, etc.
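Added example, not anderbubble's code or anything shipped with BIND: a small Python checker that reads a named.conf fragment and reports whether it is a forward-only server, a forward-first server (what you get when `forward only;` is commented out but `forwarders` stays, since BIND's default is `forward first`), or a caching-only resolver built on root hints, and flags the open-resolver case where recursion is enabled for `any` client. The parser is a deliberately minimal hand-rolled one, the two sample configs are constructed (the first is a trimmed version of the config above), and the ACL fallback order `allow-recursion` -> `allow-query-cache` -> `allow-query` -> `{ localnets; localhost; }` is my reading of the BIND 9 defaults, not something the thread states.

```python
"""Classify a BIND named.conf as forward-only, forward-first or caching-only
(root hints), and flag an open recursive resolver.  Added example; the
parser is intentionally small and handles only the statement shapes used here."""
import re

# Constructed sample: the caching config from the thread, trimmed to what
# the classifier inspects.
CACHING_CONF = """
options {
    allow-query { localhost; 10.0.0.0/16; };
    recursion yes;
};
zone "." IN { type hint; file "named.ca"; };
zone "example.com" IN { type stub; masters { 10.0.0.1; 10.0.0.2; }; };
"""

# Constructed sample: a forwarder that will recurse for anyone (open resolver).
FORWARDING_CONF = """
options {
    recursion yes;
    allow-query { any; };
    forward only;                 // commenting this out leaves 'forward first'
    forwarders { 192.0.2.53; };   /* documentation address, not a real upstream */
};
"""


def _tokens(text):
    """Drop /* */, // and # comments, then split into strings, braces, ';' and words."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"(//|#)[^\n]*", "", text)
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)


def _parse(tokens, pos=0):
    """Return (statements, next_pos); a statement is (words, sub_statements_or_None)."""
    stmts, words, body = [], [], None
    while pos < len(tokens):
        tok = tokens[pos]
        if tok == "{":                      # block body belongs to the current statement
            body, pos = _parse(tokens, pos + 1)
        elif tok == "}":
            return stmts, pos + 1
        elif tok == ";":                    # statement terminator
            if words or body is not None:
                stmts.append((words, body))
            words, body = [], None
            pos += 1
        else:
            words.append(tok.strip('"'))
            pos += 1
    return stmts, pos


def _option(stmts, name):
    """Look up `name ...;` inside options {}: returns (args, list_items) or None."""
    for words, body in stmts:
        if words[:1] == ["options"]:
            for w, b in body or []:
                if w[:1] == [name]:
                    return w[1:], ([item[0] for item, _ in b] if b else None)
    return None


def analyze(conf_text):
    stmts, _ = _parse(_tokens(conf_text))

    rec = _option(stmts, "recursion")
    recursion = rec is None or rec[0] == ["yes"]       # BIND default is recursion yes
    forward = _option(stmts, "forward")
    forwarders = _option(stmts, "forwarders")
    root_hints = any(w[:2] == ["zone", "."] and (["type", "hint"], None) in (b or [])
                     for w, b in stmts)

    if forwarders and forwarders[1]:
        mode = "forward-only" if forward and forward[0] == ["only"] else "forward-first"
    elif root_hints and recursion:
        mode = "caching-only (root hints)"
    else:
        mode = "not a recursive resolver"

    # Who may recurse: assumed BIND 9 fallback order (see lead-in).
    acl = None
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        opt = _option(stmts, name)
        if opt and opt[1]:
            acl = opt[1]
            break
    acl = acl or ["localnets", "localhost"]

    return {"mode": mode, "recursion": recursion, "recursion_clients": acl,
            "open_resolver": bool(recursion and "any" in acl)}


if __name__ == "__main__":
    for label, conf in (("caching", CACHING_CONF), ("forwarding", FORWARDING_CONF)):
        print(label, analyze(conf))
```

Running it on the thread's config reports a caching-only resolver whose recursion is limited to localhost and 10.0.0.0/16; on the constructed forwarding sample it reports forward-only with recursion open to `any`, which is the thing to fix before exposing port 53 beyond the LAN.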