DNS Cache that Autoupdates
-
This may be either a dumb question or something that isn't possible.
I'm about to order pfSense hardware to change my router.
I'm wanting to maintain my own DNS server and cache perhaps the top 1-5,000 domains. I want the database to update every 24-48 hours using Google or some other DNS database.
Is this possible? My goal is to reduce latency by not needing to send the DNS request to Google when the web page is loaded.
-
Since the DNS entries are cached once fetched and they persist for some period of time (based on the expire time the DNS server you query sets) a very simple way to accomplish this is to just do a name lookup of each host you want cached. If you want to be simple just use a single list, fancier use multiple lists based on the expire times. Dig will give you the expire times to play with and if run in batch mode will process your lists.
; <<>> DiG 9.9.6-P1 <<>> pfsense.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40735 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;pfsense.com. IN A ;; ANSWER SECTION: pfsense.com. 35588 IN CNAME pfsense.org. pfsense.org. 300 IN A 208.123.73.69 ;; Query time: 153 msec ;; SERVER: 172.16.0.1#53(172.16.0.1) ;; WHEN: Sun Jun 12 18:52:09 MST 2016 ;; MSG SIZE rcvd: 81So for the pfsense sites as an example, pfsense.com shows 35588 while pfsense.org shows 300 seconds when checked from my pfSense system which is served by OpenDNS.com.
It is a bit more complicated than that in some situations, this has a bit more detail: http://serverfault.com/questions/179630/how-can-i-see-time-to-live-ttl-for-a-dns-record
I don't know just how much time you are going to save here since new DNS fetches are only done if the cached record has expired. You will be saving one lookup every X seconds where X is set by the server you query.
Have you played with NameBench to see how your DNS is performing? https://code.google.com/archive/p/namebench/
-
"I want the database to update every 24-48 hours using Google or some other DNS database. "
You need to do some more research on how dns caching works..
While stan tried to go into how ttl works, his example is just bad.. The ttl on cname of pfsense.com is large, while the A record is short.. He did not get that A record from his cache because it would of been something less than 300 and it wouldn't of taken 153 ms to pull it from his cache..
So here is query that was authoritative
;; QUESTION SECTION: ;pfsense.org. IN A ;; ANSWER SECTION: pfsense.org. 300 IN A 208.123.73.69 ;; Query time: 31 msec ;; SERVER: 192.168.9.253#53(192.168.9.253) ;; WHEN: Mon Jun 13 06:10:54 Central Daylight Time 2016Notice how it took 31 msec… I then looked it up again and was 0 msec because it just grabbed it from the cache notice how the ttl has started counting down from the 300
;; QUESTION SECTION: ;pfsense.org. IN A ;; ANSWER SECTION: pfsense.org. 292 IN A 208.123.73.69 ;; Query time: 0 msec ;; SERVER: 192.168.9.253#53(192.168.9.253) ;; WHEN: Mon Jun 13 06:11:02 Central Daylight Time 2016Currently pfsense uses unbound as resolvler and not a forwarder out of the box. But if your using the forwarder dnsmasq or unbound the resolver they both cache. And items will be cached for the length of their ttl. This is how dns is designed to work. There really is little need to pre-populate this cache or update it on any sort of schedule.
But if you wanted you could turn on the prefetch feature in unbound..
