Hi all,

Currently, I use bind9 as the local DNS cache server and a forwarder-only server. I set dnscrypt-proxy running on local port 50 as the upstream DNS server for my bind9 DNS cache server. In addition, I also want to have a long TTL so that I can obtain a short inquiry response time. For all of the above purposes, I use the following configuration file:

-------------------
$ cat /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        forward only;
        forwarders {127.0.0.1 port 50 ;} ;

        cleaning-interval 1440;
        max-cache-ttl 2419200;
        max-ncache-ttl 86400;

        max-cache-size unlimited;
        stacksize unlimited;
        datasize unlimited;
        coresize unlimited;

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        // dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
-----------------------

Then I restart my DNS server with the following command to let the above config take effect:

sudo service bind9 restart

But I still have a low TTL, because I've tried the following command:

----------------
werner@debian:~$ dig ssh.sshcenter.info

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> ssh.sshcenter.info
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 676
;; flags: qr rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ssh.sshcenter.info.            IN      A

;; ANSWER SECTION:
ssh.sshcenter.info.     60      IN      CNAME   c-ssh.cloudkvm.net.
c-ssh.cloudkvm.net.     60      IN      A       23.226.226.124
c-ssh.cloudkvm.net.     60      IN      A       69.197.147.93
c-ssh.cloudkvm.net.     60      IN      A       96.44.134.231
c-ssh.cloudkvm.net.     60      IN      A       107.150.4.170
c-ssh.cloudkvm.net.     60      IN      A       162.211.227.83
c-ssh.cloudkvm.net.     60      IN      A       173.254.237.179
c-ssh.cloudkvm.net.     60      IN      A       192.3.23.197
c-ssh.cloudkvm.net.     60      IN      A       192.161.175.143
c-ssh.cloudkvm.net.     60      IN      A       192.227.161.20
c-ssh.cloudkvm.net.     60      IN      A       199.119.224.224
c-ssh.cloudkvm.net.     60      IN      A       199.233.236.200
c-ssh.cloudkvm.net.     60      IN      A       23.90.4.124
c-ssh.cloudkvm.net.     60      IN      A       23.92.50.22
c-ssh.cloudkvm.net.     60      IN      A       23.94.104.29

;; Query time: 1208 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Mar 28 14:04:01 2014
;; MSG SIZE  rcvd: 292
--------------------

Though in the above query the query time is 1208 msec, if I immediately do a second query, the query time will be dramatically shortened. But after several minutes, I will still obtain a long query time like the one above.

The OS used by me is Debian GNU/Linux 7.4 (wheezy).

Any hints on this issue?

Regards
-- 
Hongyi Zhao <hongyi.z...@gmail.com>
Xinjiang Technical Institute of Physics and Chemistry
Chinese Academy of Sciences
GnuPG DSA: 0xD108493
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
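
Added example, not part of the original post: a parser for the dig answer section quoted above that computes how long a cache limited by max-cache-ttl can hold the answer before it must ask the forwarder again. It assumes max-cache-ttl acts only as an upper bound on each record's TTL, as BIND documents the option; the function names are hypothetical and the sample input is an excerpt of the post's own output.

```python
import re

# Excerpt of the answer section and the cache options from the post above.
DIG_ANSWER = """\
ssh.sshcenter.info.  60 IN CNAME c-ssh.cloudkvm.net.
c-ssh.cloudkvm.net.  60 IN A 23.226.226.124
c-ssh.cloudkvm.net.  60 IN A 69.197.147.93
"""
NAMED_OPTIONS = "max-cache-ttl 2419200; max-ncache-ttl 86400;"

RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")


def parse_answer(text):
    """Return (owner, ttl, rtype, rdata) tuples, skipping ';' comments and blanks."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RR_LINE.match(line)
        if m:
            owner, ttl, rtype, rdata = m.groups()
            records.append((owner.lower(), int(ttl), rtype.upper(), rdata))
    return records


def option_value(options, name):
    """Read one integer option such as max-cache-ttl from named.conf text."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s+(\d+)\s*;", options)
    if m is None:
        raise KeyError(name)
    return int(m.group(1))


def cache_lifetime(records, qname, max_cache_ttl):
    """Seconds until the first record on the CNAME chain from qname expires.

    Each record is held for min(its TTL, max_cache_ttl): the option is an
    upper bound (assumption stated in the lead-in), so it never extends a TTL.
    """
    name, seen, lifetimes = qname.lower(), set(), []
    while name not in seen:  # guard against CNAME loops
        seen.add(name)
        rrset = [r for r in records if r[0] == name]
        lifetimes += [min(ttl, max_cache_ttl) for _, ttl, _, _ in rrset]
        cname = [r[3].lower() for r in rrset if r[2] == "CNAME"]
        if not cname:
            break
        name = cname[0]
    if not lifetimes:
        raise ValueError("no records for " + qname)
    return min(lifetimes)
```

With the post's values, `cache_lifetime(parse_answer(DIG_ANSWER), "ssh.sshcenter.info.", option_value(NAMED_OPTIONS, "max-cache-ttl"))` returns 60, the TTL published by the zone.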