
Re: Disable caching: msg#00598

network.dns.bind.user

Subject: Re: Disable caching

Barry Margolin wrote:

> In article <bb08o0$1jij$1@xxxxxxxxxxx>,
> Yoav Tobi <yoav.tobi@xxxxxxxxxxx> wrote:
> >Hi All;
> >My DNS server should be configured quite unusually.
> >I need to disable the DNS daemon from using caching.
>
> Why?
>
> >My DNS is working just as a zone forwarding (no local database is in
> >server).
> >How can I disable caching, so in every request to that DNS, it will forward
> >the request to other DNS which are configured
>
> I don't think BIND can do this.
>
> Maybe if you explain your higher goal, we can suggest a way to accomplish
> it.

My guess would be that the original poster's configuration can't tolerate its
cache being "poisoned" by Authority Section contents from the forwarders;
Authority Section contents that may point to the "real" (but inaccessible and/or
undesirable) nameservers for zones which are not subject to selective
forwarding.
E.g. "foo.com" may be selectively-forwarded, but if "www.foo.com" is a CNAME to
"www.bar.com", where "bar.com" is *not* selectively-forwarded, then the cache may
end up "poisoned" with "bar.com" NS records pointing to nameservers which cannot
or should not be queried.

If my guess is correct, then I think the best answer is to re-architect this
configuration: institute "global" forwarding and then selectively override it
with different forwarders, or with "forwarders { }" in the parts of the
namespace which should be resolved iteratively (stub zones can be used for
those, if one wishes to avoid the overhead or possible zone-transfer
restrictions of being a slave).

Another, kludgier approach is to try to limit the query content returned by the
forwarders (e.g. "minimal-responses yes") to minimize the extent of the cache
"poisoning".


- Kevin
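
The layout described in the message above, written out as a named.conf example. It is added here for illustration and is not part of the original post or thread; the zone names, file path and addresses are placeholders (RFC 2606 names, RFC 5737 documentation addresses).

```conf
// Constructed example: every name and address below is a placeholder.

options {
    // "Global" forwarding: anything not overridden below is sent to
    // these forwarders. With "forward only" the server does not fall
    // back to iterative resolution, so NS records cached from a
    // forwarder's Authority Section are not used to pick servers.
    forwarders { 192.0.2.53; 192.0.2.54; };
    forward only;
};

// Override 1: a subtree that needs a different set of forwarders.
zone "foo.example" {
    type forward;
    forward only;
    forwarders { 198.51.100.10; };
};

// Override 2: a subtree that should be resolved iteratively.
// The empty list cancels the global forwarders for this subtree.
zone "bar.example" {
    type forward;
    forwarders { };
};

// Override 2, stub variant: forwarding is cancelled the same way, and
// the NS set is learned from the listed server without a full transfer.
zone "baz.example" {
    type stub;
    file "stub/baz.example";
    masters { 203.0.113.5; };   // newer BIND releases also accept "primaries"
    forwarders { };
};
```

The "minimal-responses yes" setting mentioned as the alternative belongs in the options of the forwarders themselves, not in this server's configuration.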






