Running a Caching-Only Name Server



One DNS configuration that's common on small networks is a caching-only system. Such a name server is configured to not be authoritative for any domains (except possibly reverse DNS on the localhost network). Instead, the server's sole purpose is to cache external DNS requests. The idea is to provide quicker DNS lookups by maintaining a cache that's local, rather than relying on a remote DNS server. This configuration is particularly likely to improve perceived network speeds in Web browsers and the like when the link to the outside world is slow, such as a satellite-based broadband connection, which must cope with high latencies (close to half a second for a two-way satellite system). Conventional telephone dial-up links also typically have latencies of around 200 ms, which is not as bad as a satellite setup, but can still produce a noticeable lag on lookups.

It's important to note that a local DNS cache won't improve lookup times if the address being looked up isn't in the local server's cache. This approach is therefore most useful on a network with a fair number of users who tend to access many of the same sites, building up a cache that's likely to be exploited on a substantial fraction of DNS lookups.

A basic configuration for a caching-only name server is similar to that shown in Listing 18.1, but it would be missing most or all of the zone definitions. The only zones you might consider defining are the localhost reverse DNS zone (0.0.127.in-addr.arpa) and the root zone (.). Even these zones aren't strictly necessary.

The most important feature of a caching-only BIND configuration is the forwarders and forward entries in the options section. The forwarders entry must list your ISP's DNS servers; BIND will use those systems to do its duties, and cache the results. Rather than forward first, as shown in Listing 18.1, you may want to use forward only. This configuration will cause the server to stop trying to resolve names if the forwarder systems don't respond.

WARNING


If you include the root zone and use forward first in the options section, BIND may attempt to look up addresses recursively if the forwarder systems fail. This is normally desirable, but it may slow down certain types of failure messages in a caching-only configuration, particularly if your Internet connection has high latencies.
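
The configuration described above might look like the following named.conf. This is an added example, not Listing 18.1 or any other listing from the book; the forwarder addresses, LAN range, directory, and zone filenames are placeholders and assumptions, and the allow-recursion and listen-on restrictions are additions the text does not discuss.

```conf
// Caching-only named.conf (added example; every address and filename
// below is a placeholder or assumption, not a value from the book).

// Assumed local network that is allowed to use this cache.
acl "lan" { 127.0.0.1; 192.168.1.0/24; };

options {
    directory "/var/named";            // assumed working directory

    // Your ISP's DNS servers (documentation-range placeholders here).
    forwarders { 192.0.2.1; 192.0.2.2; };

    // Give up if the forwarders don't answer, rather than falling
    // back to full recursion from the root servers.
    forward only;

    // Addition not covered in the text: answer recursive queries only
    // for local clients, so the cache isn't usable by outside hosts.
    allow-recursion { "lan"; };
    listen-on { 127.0.0.1; 192.168.1.1; };   // assumed server address
};

// Optional: reverse DNS for the localhost network.
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";                // assumed filename
};

// Optional: root zone. Define it only together with "forward first";
// BIND may then recurse from the roots when the forwarders fail, which
// is the behavior the warning above describes.
// zone "." {
//     type hint;
//     file "named.ca";                // assumed filename
// };
```

Local computers would then list this server's address (192.168.1.1 in this example) as their DNS server.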


As noted earlier in this chapter, slimmer packages than BIND can function as caching-only name servers, and may be superior choices for this role. Nonetheless, the caching-only BIND configuration is one of the simplest possible for BIND, and because BIND ships with all major distributions, it may be the simplest to set up. If you prefer something slimmer for this role, though, dnscache or pdnsd may be worth investigating.

When you configure a caching-only name server (or a more full-featured local name server), you should specify that system's IP address as the DNS server address for all your network's local computers. If you add a DNS server but fail to change existing local systems' DNS configurations, the local computers will continue to use whatever outside DNS servers they had been using.



Advanced Linux Networking
ISBN: 0201774232
EAN: 2147483647
Year: 2002
Pages: 203
