Config multiple views, share recursive cache
From: https://kb.isc.org/docs/aa-00835
How do I configure multiple views to share the same recursive cache?
Updated on 06 Sep 2018
1 Minute to read
Contributors
[Suzanne Goldlust]
The attach-cache option is used to configure cache-sharing between views.
attach-cache cache_name;
By default, each view has its own unique cache. When using the attach-cache
option, you can specify a name for the cache that named creates for a view. If
multiple views share the same cache name, then as the additional views are
created, instead of creating a new cache for each, named links the views to the
same cache.
See the Administrator Reference Manual (ARM) for more detail.
However, caches can only be shared if they have identical policies. Here are
the settings that, if inconsistent between two caches with the same name, will
result in named failing to start :
- check-names
- cleaning-interval
- zero-no-soa-ttl
- max-cache-size
- max-cache-ttl
- max-ncache-ttl
- max-stale-ttl (from BIND 9.12)
- dnssec-validation (note that this is only effective with trust anchors
and/or DLV configured)
- dnssec-accept-expired
An error will be logged and named will fail to start if attach-cache is used to
configure cache-sharing between views with different cache policies. Here is an
example of this type of failure:
03-Dec-2012 12:15:47.231 views internal-only and external can't share the cache
due to configuration parameter mismatch
03-Dec-2012 12:15:47.231 loading configuration: failure
03-Dec-2012 12:15:47.231 exiting (due to fatal error)
The validation of cache policy only takes place when named starts
Administrators are advised that mismatched cache policies will not be detected by named-checkconf.
Handling authoritative zones in views
For information on setting up authoritative zones in views see Understanding
views in BIND 9, by example.