Maintained by: NLnet Labs

[Unbound-users] TTL for Negative Responses

Paul Taylor
Mon Jan 30 21:26:15 CET 2012


Another DNS product I've looked at has two options relative to max cache
time...  A time for Positive responses, and a different time for
Negative responses.  
 
We are looking for this because on our local domain, sometimes servers
unregister in Active Directory DNS upon reboot.  This just happened
today with one of our servers.  After the reboot, it was no longer in
DNS.  Since Unbound forwards our local domains to our AD DNS servers, it
didn't give us a response for this DNS name.  I manually ran ipconfig
/registerdns on the server once we determined what had happened and
within a few minutes, it was resolving again in AD, but some 10 minutes
later it was still returning no address when we queried our test Unbound
server.  Finally, I recycled Unbound, and then queried it for this name,
and it returned the expected IP.  
 
I'm not 100% sure what happened, but it looks like Unbound queried the
AD DNS servers and cached a negative response for this hostname.  It
looks like Unbound then kept this cached information until I restarted
Unbound.
 
Ideally, we'd like to have a "negative cache ttl" set to 60 or 120
seconds, so when a host unregisters itself, then re-registers, Unbound
would pick up on the re-registration fairly quickly, instead of caching
the negative response...  (Assuming this is what happened above)

Am I requesting a new feature?  Or is there an existing setting that
does this that I've overlooked?
 
Thanks,
Paul
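The behaviour Paul describes, modelled as an added example that is not part of the original post: a resolver cache that keeps positive answers for their record TTL but gives negative answers the RFC 2308 lifetime, min(SOA TTL, SOA MINIMUM), and then applies a separate cap to that negative lifetime. The class name `NegCacheResolver`, the `max_negative_ttl` parameter and the zone data (`host1.example.local`, SOA values of 3600) are constructed for the illustration, not Unbound's own code.

```python
# Constructed sample authoritative data: a zone whose SOA TTL and SOA
# MINIMUM are both 3600, so negative answers live an hour by default.
SOA_TTL = 3600
SOA_MINIMUM = 3600

class NegCacheResolver:
    """Hypothetical cache model (not Unbound's implementation).
    Positive answers keep their own TTL, bounded by max_ttl.
    Negative answers use RFC 2308's min(SOA TTL, SOA MINIMUM),
    bounded by a separate max_negative_ttl."""
    def __init__(self, max_ttl=86400, max_negative_ttl=3600):
        self.max_ttl = max_ttl
        self.max_negative_ttl = max_negative_ttl
        self.cache = {}  # name -> (answer or None, expiry time)

    def resolve(self, name, now, upstream):
        entry = self.cache.get(name)
        if entry and entry[1] > now:
            return entry[0]  # still within TTL, served from cache
        answer, ttl = upstream(name)
        if answer is None:
            # Negative answer: RFC 2308 lifetime, then the negative cap.
            ttl = min(SOA_TTL, SOA_MINIMUM, self.max_negative_ttl)
        else:
            ttl = min(ttl, self.max_ttl)
        self.cache[name] = (answer, now + ttl)
        return answer

def scenario(max_negative_ttl):
    """Replay the timeline from the post with a given negative cap:
    host missing at t=0, re-registered at t=300, queried again at t=600
    and once more after the default one-hour negative TTL has passed."""
    registry = {}  # constructed AD DNS zone contents: name -> address
    def upstream(name):
        addr = registry.get(name)
        return (addr, 1200) if addr else (None, None)
    r = NegCacheResolver(max_negative_ttl=max_negative_ttl)
    results = [r.resolve("host1.example.local", 0, upstream)]  # NXDOMAIN cached
    registry["host1.example.local"] = "10.0.0.5"  # ipconfig /registerdns at t=300
    results.append(r.resolve("host1.example.local", 600, upstream))   # 10 minutes later
    results.append(r.resolve("host1.example.local", 3700, upstream))  # after 3600s
    return results

if __name__ == "__main__":
    print("default cap 3600:", scenario(3600))
    print("cap 120:        ", scenario(120))
```

With the default one-hour negative lifetime the t=600 query still returns the stale negative answer; with a 120-second cap the re-registered address is visible on that same query.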