Information
BIND can be configured to restrict access to its resolver cache. This is made possible by the allow-query-cache option. It is recommended that this option be utilized to restrict access to the server's cache.
Rationale:
Using allow-query-cache in conjunction with an ACL of trusted clients will prevent unauthorized access to cached content. Additionally, the exposure of vulnerabilities present in BIND's query handlers is reduced by this configuration, as requests originating from untrusted entities will be rejected before the request is fully parsed by named.
Solution
1. Set up an ACL in named.conf containing clients that are allowed to query the cache.
2. Set allow-query-cache and allow-recursion in the global options of named.conf.
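
The two steps above as a named.conf fragment. This is an added illustration, not part of the original benchmark text; the ACL name "trusted" and the address prefixes (documentation ranges) are placeholders to replace with your own client networks.

```conf
// Step 1: ACL of clients permitted to use the resolver cache.
// "trusted" and the prefixes below are placeholders (documentation ranges).
acl "trusted" {
    localhost;          // the server itself
    192.0.2.0/24;       // placeholder: internal IPv4 client network
    2001:db8:100::/48;  // placeholder: internal IPv6 client network
};

options {
    // Weak setting, shown for contrast only: any client may read the cache.
    // allow-query-cache { any; };
    // allow-recursion   { any; };

    // Step 2: restrict cache access and recursion to the ACL.
    allow-query-cache { trusted; };
    allow-recursion   { trusted; };
};
```

Validate the file with named-checkconf before reloading named. A query for a name the server is not authoritative for, sent from an address outside the ACL, should then be refused.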