D. J. Bernstein
How to run an external cache in place of an existing BIND cache, strategy 2
These instructions assume that your network already has a computer using BIND
to find addresses of Internet hosts (BIND as a ``DNS cache'')
and to publish addresses of your own hosts (BIND as a ``DNS server'').
Here is how to use dnscache instead of BIND
to find addresses of Internet hosts.
If you have taken the
of having different computers (or at least different IP addresses)
for your DNS caches (listed in /etc/resolv.conf)
and your DNS servers (listed in NS records),
strategy 3 instead.
Strategy 3 is simpler than strategy 2.
If you can easily change /etc/resolv.conf
on all your client machines,
strategy 1 instead.
Strategy 2 is more complicated but avoids changing /etc/resolv.conf.
If you're an ISP and you've given your cache IP address
to thousands of client computers,
use strategy 2.
Separating DNS service from DNS caching
For concreteness, let's say you're running BIND on two computers,
dns1.panic.mil and dns2.panic.mil,
with IP addresses 220.127.116.11 and 18.104.22.168.
These computers have two functions:
Before you upgrade from BIND,
you will have to put these two different functions on
different IP addresses,
as explained here.
- They are DNS servers, publishing information about your own hosts.
You are editing that information on dns1.panic.mil;
dns2.panic.mil is using zone transfers
to copy the information from 22.214.171.124.
- They are DNS caches, finding addresses of other Internet hosts.
Your client computers
have nameserver 126.96.36.199
and nameserver 188.8.131.52 in /etc/resolv.conf.
1. Allocate two new public IP addresses in your network,
let's say 184.108.40.206 and 220.127.116.11.
2. On dns1.panic.mil, as root:
Set up 18.104.22.168 as an
3. On dns2.panic.mil, as root:
Set up 22.214.171.124 as an IP alias.
Change 126.96.36.199 to 188.8.131.52 in the masters lines
4. On dns1.panic.mil, as root:
In your BIND zone files,
change the IP address of dns1.panic.mil from 184.108.40.206 to 220.127.116.11,
create a new dnscache1.panic.mil name with IP address 18.104.22.168,
change the IP address of dns2.panic.mil from 22.214.171.124 to 126.96.36.199,
and create a new dnscache2.panic.mil name with IP address 188.8.131.52.
Tell BIND to read the new zone files.
5. Contact the .mil parent server to make the same changes
in the IP addresses of dns1.panic.mil and dns2.panic.mil.
6. If you have other NS names pointing to BIND
if dns1.panic.mil is also known
repeat steps 4 and 5 for those names.
7. Wait a few days for the modified DNS records
to spread through the Internet.
Upgrading the cache
Here's the current situation:
You can now follow the
strategy 3 instructions.
Those instructions will
switch the DNS-cache software from BIND to dnscache,
leaving BIND in place as the DNS-server software.
- You have one computer with IP addresses
184.108.40.206 (dnscache1.panic.mil) and
and another computer with IP addresses
220.127.116.11 (dnscache2.panic.mil) and
- You have DNS servers running on 18.104.22.168 and 22.214.171.124.
Computers around the Internet are contacting 126.96.36.199 and 188.8.131.52
for the addresses of your hosts.
- You have DNS caches running on 184.108.40.206 and 220.127.116.11.
Your clients are contacting 18.104.22.168 and 22.214.171.124
for the addresses of Internet hosts.