Using bind (named) as a public proxy server

Posted by TrentDavis on Server Fault
Published on 2013-06-28T01:38:02Z Indexed on 2013/06/28 4:22 UTC

We have a Python DNS server that does a bunch of stuff to figure out values it should return for various DNS records. This works nicely; however, as it is Python, the performance under high load won't be great.

What I would like to do is have a "proxy" bind server sit in front of it to return results to the public internet. This will cache the results (typically 15 minutes, some records are a few seconds), so the load on the Python server will be greatly reduced as it will only see one lookup per domain (only about 100 domains) every 15 minutes.

The data in these domains changes a lot, so using a master won't work as it will constantly be changing.

I have something set up that looked like it would work great (using a forwarder for the zone), and tested it with dig etc., all going great.

However when we went to go live with it, things weren't working, and we figured out that named is not setting the "Authoritative" bit (fair enough, it is a forwarder).

So my question is, can we tell bind to set the Authoritative bit for forwarded domains? I have looked at all the doco I can find, and can't find anything about doing things this way. Most of the doco about using it as a proxy is for a LAN to the internet.

Ideally I would like to use bind as it is there and installed (CentOS 5 servers). But at a pinch we could look at a different name server to do the work if it just can't be done with bind.

Thanks.
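
The symptom described in the question, a forwarded answer arriving without the Authoritative (AA) bit, can be checked directly from the DNS header flags. The following is an added example, not part of the original post; the name `example.test` and the sample packets are constructed, and `query_udp` assumes an IPv4 server reachable over UDP.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal non-recursive DNS query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def parse_flags(packet):
    """Decode the header flags that matter when checking for authority."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags = struct.unpack("!HH", packet[:4])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F}

def is_authoritative_reply(query, response):
    """True only for a matching, error-free response with the AA bit set."""
    q, r = parse_flags(query), parse_flags(response)
    return r["qr"] and r["id"] == q["id"] and r["aa"] and r["rcode"] == 0

def query_udp(server, name, port=53, timeout=2.0):
    """Send the query to a live server and return (query, raw response)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, port))
        return query, s.recvfrom(4096)[0]

def _with_flags(query, flags):
    # Constructed sample: reuse the query bytes, swap in response flags.
    return query[:2] + struct.pack("!H", flags) + query[4:]

QUERY = build_query("example.test")          # constructed name
FORWARDED = _with_flags(QUERY, 0x8080)       # QR + RA, AA clear
AUTHORITATIVE = _with_flags(QUERY, 0x8400)   # QR + AA

if __name__ == "__main__":
    for label, pkt in (("forwarded", FORWARDED), ("authoritative", AUTHORITATIVE)):
        print(label, parse_flags(pkt), is_authoritative_reply(QUERY, pkt))
```

Against a live setup, `is_authoritative_reply(*query_udp(server, name))` gives the same verdict as looking for `aa` in the flags line of `dig` output.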
