Maintained by: NLnet Labs

[Unbound-users] Inconsistent TTL in (nxdomain) responses,

Leen Besselink
Mon Mar 14 12:59:15 CET 2011

On 03/07/2011 09:13 AM, W.C.A. Wijngaards wrote:
> Hi Michael,
> On 03/06/2011 11:13 PM, Slingerland, Michael van wrote:
> > Hi,
> > I configured a stub-zone for testing a new zone that solely responds
> > nxdomain with a min ttl of 1 week on all PTR's
> > Assumption is that unbound would limit the TTL to the value configured
> > in unbound.conf that equals 1 day by default.
> > cache-max-ttl: 86400
> Yes that works.  This TTL is used internally, the client sees the
> original large TTL value.


What about the 'other way around' ?

Is there a TTL-value setting in Unbound which will send a lower TTL to
clients and keep it cached normally ?

I've found this to be very useful for people who deal with frequently
changing domains and using them shortly after.

Because it is pretty easy to just clear the cache (of that DNS-entry)
centrally at the recursors, through the same webinterface which also
handles doing DNS changes.

I currently point these users at a dnscache which forwards queries to a
'normal' recursor. It has a HIDETTL-setting, although it sets the TTL to
0. That is really very low.

Thus not so great.

Have a nice day,