In this video, Chaim Krause explains how caching name servers are used. Explore uses and configuration options for the most common type of name server configuration on Linux.
- [Speaker] The first type of name server configuration that we'll look at is a caching name server. The basic task of a caching name server, sometimes called a resolver, is to look things up, and then remember them so that the name server does not have to look them up again. Caching is a benefit because it takes a relatively long time to query remote name servers compared to calling up something from a local cache. The benefits of speeding up the queries of a single computer may be negligible, but when a caching name server handles the DNS queries for an entire LAN, the savings can add up to a significant amount of time saved.
Furthermore, if the DNS queries are being handled by a caching name server serving the LAN, then it reduces the amount of outbound network traffic, as many queries will be answered before leaving the LAN. This type of DNS server is often what is assigned to individual computers, and they get their network configuration by DHCP. On other servers, a caching name server is the type of name server that is most often put in the /etc/resolv.conf file. This file is, of course, where computers' network configuration is held.
One of the downsides of using a caching name server is that it may return stale results. Query results are stored on the caching name server for the duration of the time to live provided by the authoritative name server. Therefore, the cached resource records will be returned by that name server for the duration of that TTL. In the meantime, the IP address or other pieces of information may have changed on the authoritative name server. The caching on a caching name server is only temporary; rebooting the computer will clear the entire cache.
It doesn't matter if you are being forced to reboot, or you're choosing to reboot. Reloading of the configuration files for BIND will also clear the cache. You may wish to do this on purpose if you're going to clear the cache. Although technically a separate function than caching, recursive queries are more often than not also handled by a caching name server. Recursive DNS queries occur often, and a recursive query is when multiple intermittent queries are needed to provide a final result to a single query.
Let's now take a look at what is necessary to properly configure BIND to perform as a caching name server. As with most configuration files, it is in the /etc/ directory; the file we want to modify is named .conf. As we look at this file, you will soon realize that it's the default configuration for a caching name server. Let's see what that entails. The first item is the line "recursion yes". This configures the name server to do recursive DNS queries as well as enable caching.
The next item is setting up the .zone file that provides data to BIND on where to locate the internet's root name servers. This will allow the resolution of top-level domains, and any query can be handled from there. That's it, that's all that's required for a caching name server. Let me tell you about one other item that you may wish to configure as well: if your circumstances are such that your name server will be accessible via a public interface, you may employ an access control list. You first define the ACL at the top of the file. We will name this ACL internals and provide two networks as being allowed to query the name server.
The next step is to add allow recursive, internals, and you save this file, and you are done.
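The configuration described above, written out as an added example that is not taken from the video: the file is assumed to be /etc/named.conf, and the two network ranges, the working directory and the root hints file name (named.ca) are constructed placeholders to replace with your own values.

```conf
// Added example (not from the video). Networks, directory and
// hints file name below are assumptions; adjust for your site.

// Define the ACL at the top of the file, before it is referenced.
acl "internals" {
    192.168.1.0/24;    // constructed LAN range
    10.0.0.0/8;        // constructed second internal range
    // localhost;      // add if this host also resolves through itself
};

options {
    directory "/var/named";   // assumed working directory

    // Enables recursive lookups (and therefore caching).
    recursion yes;

    // Weak: with "recursion yes" and no restriction, a server
    // reachable on a public interface recurses for any client,
    // which lets outsiders use it as an open resolver.
    //
    // Corrected: recurse, and answer from cache, only for the ACL.
    allow-recursion   { internals; };
    allow-query-cache { internals; };
};

// Root hints: tells BIND where the internet's root name servers are.
zone "." IN {
    type hint;
    file "named.ca";          // assumed hints file name
};
```

Running `named-checkconf` against the file before reloading BIND catches syntax errors such as a missing semicolon after an ACL entry.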
- Working with different types of name servers
- Working with zone files
- Setting up a basic name server
- Creating, verifying, loading, and testing the zone file
- Allowing queries from localnets
- Configuring an advanced name server
- Serving a website or email
- Adding security