Message-ID: <464B494F.4090001@webanoide.org>
Date: Thu, 17 May 2007 04:11:27 +1000
From: Mikhail Goriachev
Organization: Webanoide
To: Jack Barnett
Cc: freeBSD
Subject: Re: DNS Cache - Bind

Jack Barnett wrote:
> I'm running Bind 9.3.4 on FreeBSD 6.2 for my local network.
>
> It doesn't have any zones, it's just a local DNS that has a bunch of forwarders.
>
> The first request is slow (between 150 and 300 ms) - but after that
> (the next query on same domain) is fast (less than 10 ms usually).
> This is nice and working the way I like it. :)
>
> What I'm wondering though is:
>
> a) How do I flush the cache if I need to (ie. need to get a new update
> from the forwards) - just restart named?

# man rndc
# rndc flush

> b) Are there any settings I can tweak that determine how long the
> cache is kept? (ie. Say I want to keep all queries for 7 days before
> they are queried from the upstream DNS servers). [This will probably
> screw up dynamic DNS sites, but want to see what settings are
> available]

# man named.conf

But this is what you're after:

max-cache-ttl integer;

www.isc.org has a lot more (detailed) info.

> c) Is there an easy way to 'blacklist' sites? Say I want
> 'SpammerNetwork.com' to resolve to 127.0.0.1.

This is a great start:

http://www.cymru.com/Documents/secure-bind-template.html

> Basically I want to take this host file:
> http://www.mvps.org/winhelp2002/hosts.htm
> and then pump it into my DNS server, that way all the LAN clients are
> "protected" from these sites.
>
> Is there a way to do that?

Regards,
Mikhail.

-- 
Mikhail Goriachev
Webanoide

Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: mikhailg@webanoide.org
Web: www.webanoide.org
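
For question (c), one way to turn a hosts-format blocklist into BIND zone stanzas, as an added example that is not part of the original message or of either poster's configuration. The file name blackhole.zone, the zone-file layout and the sample entries are assumptions constructed here; names are validated before they are written into named.conf because a downloaded list is untrusted input.

```python
import re

# Constructed sample in hosts-file format (not real data); one entry is malformed on purpose.
SAMPLE_HOSTS = """\
# constructed sample entries
127.0.0.1  localhost
127.0.0.1  SpammerNetwork.com   # inline comment
0.0.0.0    ads.example.net
127.0.0.1  evil.example";};
127.0.0.1  spammernetwork.com
"""

# One DNS label: letters, digits, hyphen; no leading/trailing hyphen; at most 63 chars.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}

def valid_name(name):
    """Accept only plain multi-label hostnames, so nothing can escape the quoted zone name."""
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.match(l) for l in labels)

def parse_hosts(text):
    """Return (sorted unique names, rejected tokens) from hosts-format text."""
    names, rejected = set(), []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        for token in fields[1:]:                 # fields[0] is the address column
            name = token.lower().rstrip(".")
            if name in SKIP:
                continue
            if valid_name(name):
                names.add(name)
            else:
                rejected.append(token)
    return sorted(names), rejected

def zone_stanzas(names, zone_file="blackhole.zone"):
    """One master zone per blocked name, all sharing the same zone file (assumed name)."""
    return "".join('zone "%s" { type master; file "%s"; };\n' % (n, zone_file) for n in names)

# Shared zone file (assumed layout): the name and every subdomain answer 127.0.0.1.
BLACKHOLE_ZONE = """$TTL 86400
@ IN SOA localhost. hostmaster.localhost. ( 1 3600 900 604800 86400 )
  IN NS  localhost.
  IN A   127.0.0.1
* IN A   127.0.0.1
"""

if __name__ == "__main__":
    names, rejected = parse_hosts(SAMPLE_HOSTS)
    print(zone_stanzas(names), end="")
    print("rejected:", rejected)
```

The generated stanzas would go in a file pulled into named.conf with an include statement; checking the result with named-checkconf before reloading catches anything the validation missed.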