Maintained by: NLnet Labs

[Unbound-users] TTL for Negative Responses

Ondřej Surý
Tue Jan 31 16:27:27 CET 2012


Setting MINIMUM value in SOA doesn't help? (RFC 2308)

On Mon, Jan 30, 2012 at 21:26, Paul Taylor <PaulTaylor at winn-dixie.com> wrote:
> Another DNS product I’ve looked at has two options relative to max cache
> time…  A time for Positive responses, and a different time for Negative
> responses.
>
> We are looking for this because on our local domain, sometimes servers
> unregister in Active Directory DNS upon reboot.  This just happened today
> with one of our servers.  After the reboot, it was no longer in DNS.  Since
> Unbound forwards our local domains to our AD DNS servers, it didn’t give us
> a response for this DNS name.  I manually ran ipconfig /registerdns on the
> server once we determined what had happened and within a few minutes, it was
> resolving again in AD, but some 10 minutes later it was still returning no
> address when we queried our test Unbound server.  Finally, I recycled
> Unbound, and then queried it for this name, and it returned the expected
> IP.
>
> I’m not 100% sure what happened, but it looks like Unbound queried the AD
> DNS servers and cached a negative response for this hostname.  It looks like
> Unbound then kept this cached information until I restarted Unbound.
>
> Ideally, we’d like to have a “negative cache ttl” set to 60 or 120 seconds,
> so when a host unregisters itself, then re-registers, Unbound would pick up
> on the re-registration fairly quickly, instead of caching the negative
> response…  (Assuming this is what happened above)
>
> Am I requesting a new feature?  Or is there an existing setting that does
> this that I’ve overlooked?
>
> Thanks,
> Paul



-- 
Ondřej Surý <ondrej at sury.org>