home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC-Online 1996 May
/
PCOnline_05_1996.bin
/
linux
/
source
/
n
/
bind
/
bind-4.001
/
bind-4~
/
bind-4.9.3-BETA9
/
conf
/
Info.History
< prev
next >
Wrap
Text File
|
1994-07-21
|
2KB
|
27 lines
This feature was once OPTIONal:
CRED (origin: Paul Vixie of Digital)
enables a system of "credibility checking" on all data in the memory-
resident database. every RR that comes in will be tagged with a credibility
index with zone files being highest, followed by authoritative answers, then
non-authoritative answers, then finally by additional data. when any RR is
being added to a node ("name") in the database, all RR's of that type with a
lower credibility index will be flushed. this tends to do away with additional
data, which is one of the greatest sources of database pollution in the DNS.
data that comes in with lower credibility than what we already have is ignored.
with CRED enabled, additional data is deprecated such that every
time an additional-data RR is used, its Time To Live (TTL) is multiplied by
0.95, effectively lowering it by 5% of its current value. this causes
additional data to be timed out rather quickly, and as soon as it times
out, a sysquery() will be sent to some authoritative server, which in turn
results in a real live answer which tends to lock out future additional
data on that <name,type> tuple.
due to source dependencies, CRED also controls a bug fix that keeps
all sysquery() responses from being entered into the "root cache". you can
see the effect of this by dumping your database to disk with SIGINT and
looking at the bottom of the file. try it with and without CRED, letting a
few million queries through first. without CRED, you'll see a bunch of
non-root junk in the section of the dump that is reserved for the "hints".
you probably want this.