If you have an intermittent or demand-dial Internet link and decide to run your own name server, you will find that if you set up named to work correctly while your link is up, it fails miserably when the link is down. This is because named can no longer contact the root and other external name servers, so name lookups have to time out, which can take up to 60 seconds per lookup. This affects anything that tries to resolve names that your own name server is not authoritative for.
Under BIND 4.9.3 I came up with a fudge that eliminated this delay. Unfortunately, when I moved to BIND 8.1.2 I found that the same fudge no longer worked, so I came up with an alternative method. The secret is to make your name server authoritative for the WHOLE DNS name space while your Internet link is down. Obviously you don't have DNS data for the whole Internet, but queries for external names then get a negative reply immediately, eliminating the timeout wait.
NOTE! Declaring your name server authoritative for the root domain while connected to the Internet is a BAD THING! Apart from the number of queries you may receive, other machines will have whole top-level domains disappear as your name server merrily tells them they don't exist. Of course no machines on the Internet should know about your name server and query it, but odd things do happen. Limiting queries to your local net should prevent any disasters, but make sure that while your link is up your name server is not authoritative for the root domain.
So how do you set this up? First, set up your named.conf and zone files so that your name server works correctly while you're connected to the Internet. Copy your named.conf file to two files called named.conf.online and named.conf.offline. Then create a file called root.domain in your named data directory that looks similar to the following:
===========================================================================
; /var/named/root.domain - the fake root zone (zone files use ";" for comments)
@ IN SOA hazchem.smoke.local. hostmaster.smoke.local. (
1998042701 ; serial, today's date (yyyymmdd) plus a two-digit sequence number
28800 ; refresh, seconds
7200 ; retry, seconds
604800 ; expire, seconds
86400 ) ; minimum, seconds
IN NS ns.smoke.local. ; name of root server
smoke.local. 86400 IN NS ns.smoke.local.
10.in-addr.arpa. 86400 IN NS ns.smoke.local.
ns.smoke.local. 86400 IN A 10.1.1.104
=============================================================================
Of course you should change the smoke.local and 10.in-addr.arpa domains
to what you use locally.
Then edit the "." entry in named.conf.offline to:
zone "." IN {
type master;
file "root.domain";
allow-query { 10.1.1.0/24; };
check-names fail;
allow-update { none; };
allow-transfer { none; };
};
Note that the allow-query { 10.1.1.0/24; }; line limits queries on this zone to the specified hosts. The address range specified should be that of your subnet. It might be a good idea to add this to all your domains to remove any possibility of handing out incorrect DNS data to the rest of the Internet.
In your ip-up script put something like:

cp /etc/named.conf.online /etc/named.conf
/usr/sbin/ndc restart

and in ip-down:

cp /etc/named.conf.offline /etc/named.conf
/usr/sbin/ndc restart
I believe that to fill your online cache more quickly you can include the following in the ip-down file:

# dump existing named data
/usr/sbin/ndc dump
# copy it to the hints file, so that on restarting named with named.conf.online
# the database will already have data, although many entries may have expired.
cp /var/named/db.dump /var/named/root.cache
# do normal restart
cp /etc/named.conf.offline /etc/named.conf
/usr/sbin/ndc restart

Here is a copy of the files I used (the root.domain zone file is shown above)...
=============================================================================
// /etc/named.conf.offline
options {
directory "/var/named";
// don't notify secondaries at changes
notify no;
};
zone "smoke.local" IN {
type master;
file "pz/smoke.local";
check-names fail;
allow-update { none; };
allow-transfer { none; };
};
zone "1.1.10.in-addr.arpa" IN {
type master;
file "pz/10.1.1";
check-names fail;
allow-update { none; };
allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "pz/127.0.0";
check-names fail;
allow-update { none; };
allow-transfer { none; };
};
// our fake root domain !
zone "." IN {
type master;
file "root.domain";
// only allow root domain queries from our localnet.
allow-query { 10.1.1.0/24; };
check-names fail;
allow-update { none; };
allow-transfer { none; };
};
=========================================================================
=========================================================================
// /etc/named.conf.online
options {
directory "/var/named";
// don't notify secondaries at changes
notify no;
};
zone "smoke.local" IN {
type master;
file "pz/smoke.local";
check-names fail;
allow-update { none; };
allow-transfer { none; };
};
zone "1.1.10.in-addr.arpa" IN {
type master;
file "pz/10.1.1";
check-names fail;
allow-update { none; };
allow-transfer { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "pz/127.0.0";
check-names fail;
allow-update { none; };
allow-transfer { none; };
};
zone "." IN {
type hint;
file "root.cache";
};
===========================================================================
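As an added example that is not part of the original page, here is a small POSIX shell helper that performs the ip-up/ip-down switch described above and also enforces the warning given earlier: it refuses to install an "online" configuration that declares this server master for the "." zone, so a mix-up of the two files cannot leave you answering for the whole root while connected. The paths (/etc/named.conf.online, /etc/named.conf.offline, /usr/sbin/ndc restart) follow the page; the function names, the temp-file rename and the awk scan are my own assumptions, and the awk check is a brace-counting heuristic rather than a full named.conf parser.

```shell
#!/bin/sh
# Added example, not from the original page: switch named.conf between the
# online and offline variants from ip-up / ip-down, refusing to go online
# with a config that makes this server master for ".".
# Assumed layout (as on the page): /etc/named.conf.online,
# /etc/named.conf.offline, and "/usr/sbin/ndc restart" to restart BIND 8.

# root_is_master CONFIG
# Exit 0 if CONFIG contains a zone "." block with "type master;", else 1.
# Heuristic: from the zone "." line, count braces until the block closes;
# lines starting with // or # are skipped as comments.
root_is_master() {
    awk '
        /^[ \t]*(\/\/|#)/ { next }
        /^[ \t]*zone[ \t]+"\."[ \t{]/ { inroot = 1; depth = 0 }
        inroot {
            if ($0 ~ /type[ \t]+master[ \t]*;/) found = 1
            line = $0
            depth += gsub(/[{]/, "", line)
            depth -= gsub(/[}]/, "", line)
            if (depth <= 0) inroot = 0
        }
        END { if (found) exit 0; exit 1 }
    ' "$1"
}

# switch_named MODE [CONFDIR] [RESTART_CMD]
# MODE is "online" or "offline". CONFDIR and RESTART_CMD default to the
# page's paths and can be overridden (e.g. to try it in a scratch directory).
switch_named() {
    sn_mode=$1
    sn_dir=${2:-/etc}
    sn_restart=${3:-"/usr/sbin/ndc restart"}
    sn_src="$sn_dir/named.conf.$sn_mode"
    sn_dst="$sn_dir/named.conf"

    case "$sn_mode" in
        online|offline) ;;
        *) echo "usage: switch_named online|offline" >&2; return 1 ;;
    esac
    [ -f "$sn_src" ] || { echo "missing $sn_src" >&2; return 1; }

    # Enforce the page's warning: never serve a master "." while the link is up.
    if [ "$sn_mode" = online ] && root_is_master "$sn_src"; then
        echo "refusing: $sn_src declares zone \".\" as master" >&2
        return 2
    fi

    # Copy to a temporary name and rename, so a restart can never read a
    # half-written named.conf.
    cp "$sn_src" "$sn_dst.tmp" && mv "$sn_dst.tmp" "$sn_dst" || return 1
    $sn_restart
}

# Typical use from ip-up:   switch_named online
# and from ip-down:         switch_named offline
```

Source this file from ip-up and ip-down and call switch_named with the appropriate mode; a non-zero return from the guard leaves the previous named.conf in place, so the link coming up with a bad online file keeps named on its last known-good configuration rather than silently serving a fake root to the outside.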
$Id: bind.html,v 1.1 1998/11/22 05:27:44 ic Exp $