On 22-Jan-2009, at 16:00 , LENA MATUSOVSKAYA, BLOOMBERG/ 731 LEXIN wrote:
Hello, Thank you for answering my question yesterday. I have a new question about allow-query-cache and its effect on a dns server's response resolution time. allow-query-cache "specifies which hosts are allowed to get answers from the cache". I'm assuming this is referring to the memory cache. If allow-query-cache is set to "none" in options/views statement does it mean that the DNS server's query response time would be less efficient/slower than with setting allow-query-cache to "any"? If the answer is allow-query-cache is less efficient, is it possible to override the setting for some zones and how? allow-query-cache cannot be used within zone statements.
I'm going to assume you're talking about a recursive server and not an authoritative server.
You generally do not want to restrict caching by zone, but rather by query source. That is, you want the computers in your network to be able to do recursion (and get responses from cache) for all zones, but you do not want computers outside your network (outside of your control) using your recursive server at all, because that makes you a vector for denial of service against other people's networks.
Normally, the setting on a recursive server for allow-query-cache will match your restrictions on recursion. That is, the same clients which are allowed to send recursive queries are allowed to get answers from cache.
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
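
A named.conf sketch of the advice in the reply above, added here as an illustration and not part of the original message: cache access is restricted by query source, with allow-query-cache matching allow-recursion, rather than by zone. The ACL name `trusted`, the view names, the address prefixes, and the zone and file names are assumptions made for the example.

```conf
// Added example. The ACL name, prefixes, zone and file names are constructed.
acl trusted {
    localhost;
    localnets;
    192.0.2.0/24;       // constructed: internal client range
    2001:db8:10::/48;   // constructed: internal IPv6 range
};

// Clients under your control: recursion and cached answers for all zones.
view "internal" {
    match-clients { trusted; };
    recursion yes;
    // Keep both lists identical so the clients allowed to recurse
    // are exactly the clients allowed to read the cache.
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };
};

// Everyone else: no recursion and no answers from cache.
// Authoritative data in this view is still served.
view "external" {
    match-clients { any; };
    recursion no;
    allow-recursion   { none; };
    allow-query-cache { none; };

    zone "example.com" {              // constructed zone
        type master;
        file "db.example.com";        // constructed file name
        allow-query { any; };
    };
};
```

On a server without views, the same two allow-* lines go in the options block. `named-checkconf` will report a syntax error if allow-query-cache is placed inside a zone statement.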