Cooking with DNS & BIND
Pages: 1, 2
Viewing a Name Server's Cache
You want to view a name server's cached data.
rndc dumpdb (BIND 9) or
ndc dumpdb (BIND 8) to dump the cache to disk, then look through the dump file.
BIND 9 name servers only dump the contents of the cache to disk by default, but BIND 8 name servers dump both the contents of cache and authoritative zone data to disk, so you'll have to find the cached records in the file.
To determine which records in a BIND 8 database dump were cached, look at the TTLs and the contents of the comment field. Authoritative zone data will have the nice, round TTLs you configured, while cached records will have had their TTLs decremented by the number of seconds they've been in the cache. Cached records will also have "
Cr=" as a comment at the end of the record, giving the credibility level of the record (an indication of the quality of the cached record). For example, these records were cached from an authoritative response from the name server at
. 518380 IN NS I.ROOT-SERVERS.NET. ;Cr=auth [22.214.171.124] 518380 IN NS E.ROOT-SERVERS.NET. ;Cr=auth [126.96.36.199] 518380 IN NS D.ROOT-SERVERS.NET. ;Cr=auth [188.8.131.52] 518380 IN NS A.ROOT-SERVERS.NET. ;Cr=auth [184.108.40.206] 518380 IN NS H.ROOT-SERVERS.NET. ;Cr=auth [220.127.116.11] 518380 IN NS C.ROOT-SERVERS.NET. ;Cr=auth [18.104.22.168] 518380 IN NS G.ROOT-SERVERS.NET. ;Cr=auth [22.214.171.124] 518380 IN NS F.ROOT-SERVERS.NET. ;Cr=auth [126.96.36.199] 518380 IN NS B.ROOT-SERVERS.NET. ;Cr=auth [188.8.131.52] 518380 IN NS J.ROOT-SERVERS.NET. ;Cr=auth [184.108.40.206] 518380 IN NS K.ROOT-SERVERS.NET. ;Cr=auth [220.127.116.11] 518380 IN NS L.ROOT-SERVERS.NET. ;Cr=auth [18.104.22.168] 518380 IN NS M.ROOT-SERVERS.NET. ;Cr=auth [22.214.171.124]
Remember that dumping the cache to disk has no effect on the contents of the cache. If you want to flush (clear) the cache, see Flushing (Clearing) a Name Server's Cache.
You want to flush bad records from a name server's cache.
If you run a BIND 9.2.0 or newer name server, you can flush the cache with
rndc flush. With older name servers, you need to kill the name server and restart it to flush the cache. You can do that in one fell swoop with
rndc restart or
Clearing the cache is really a side effect of killing the name server, since BIND name servers only store cached data in memory. Since restarting the name server takes time, especially if the name server is authoritative for many zones,
rndc flush is a better option.
If you run multiple views on your BIND 9.2.0 or newer name server, you can flush the cache in only one view using
# rndc flush internal
BIND 9.3.0 will support flushing all of the records attached to a particular domain name with
rndc flushname. For example:
# rndc flushname cnn.com
Modifying Zone Data Without Restarting the Name Server
You want to modify your zone data without restarting the name server.
Make the change to the zone data file. For BIND 9, run:
# rndc reload domain-name-of-zone
For BIND 8, run:
# ndc reload domain-name-of-zone
If you've modified multiple zones, just list them after
reload. For example:
# rndc reload foo.example bar.example
Remember to increment the serial number in your zone's SOA record after changing the zone data. The primary master reloads the zone regardless of whether you've incremented the serial number, since the file's modification time has changed, but your zone's slaves only have the serial number to tell them whether the zone has been updated.
Reloading individual zones, as shown above, was introduced in BIND 8.2.1 and again in 9.1.0. With older versions of BIND, just use
rndc reload or
ndc reload, as appropriate. That takes a little more time, since the name server checks all zone data files to see which have changed.
If you're reloading a zone that exists in multiple views on a BIND 9 name server, specify the view with
rndc reload domain-name-of-zone class view. For example:
# rndc reload foo.example in external
Unfortunately, you can't leave out the class, even though you're unlikely ever to reload a non-Internet class zone.
Telling a BIND 9 name server to reload a dynamically updated zone has no effect, since the name server doesn't expect you to update the zone manually. Telling a BIND 8 name server to reload a dynamically updated zone may work--or you may lose your manual changes.
Dynamic update is, of course, another way to update zone data without restarting the name server; see "See Dynamically Updating a Zone" in Chapter 7 for details.
Cricket Liu is the co-author of all of O'Reilly's Nutshell Handbooks on the Domain Name System, "DNS and BIND," "DNS on Windows NT," "DNS on Windows 2000," "DNS on Windows Server 2003," and the "DNS & BIND Cookbook," and was the principal author of Managing Internet Information Services.
Return to the O'Reilly Network.