Maintained by: NLnet Labs

[Unbound-users] Caching 'invalid response' or at least knowing not to look it up again...

Karl Pielorz
Mon Sep 17 10:46:29 CEST 2012



--On 17 September 2012 09:22 +0200 "W.C.A. Wijngaards" 
<wouter at nlnetlabs.nl> wrote:

> There is no setting in the config file, but there is a constant in the
> software code, in util/data/msgparse.h:78, NORR_TTL.  You can change
> this to a higher value and recompile if you want to store failed
> queries for a longer time.
>
>> This would dramatically cut the number of these queries being
>> issued against our forwarders.
>
> But, the problem with a large timeout here, and the reason for this
> 'fairly short but nonzero value' there is now, is that for many
> queries, a retry may solve the situation.  A large value here would
> turn a temporary failure that would otherwise be unnoticed after it
> works a minute later, into a longterm failure.

Ok, that's obviously a valid point - which we'll bear in mind. I think 
looking at our query load, we could get away with setting that to either 
30s or 1 minute. We tend to find these queries for invalid domains arrive 
in 'blocks' - 30s or 1m would be long enough to ensure they all 'fail' from 
cache - but should be short enough that it doesn't mess up for sites that 
genuinely return an error for a 'short period' - but I do take your point 
on board.

tbh - Most of the sites we see returning this kind of error look like typos, 
abandoned domains - or other 'nasties'.

I'll have a look at re-compiling with that adjustment, and see how we get 
on.

Thanks,

-Karl
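
Added example (not part of the original message, and not Unbound code): a toy Python model of the trade-off discussed in this thread, replaying client queries for one name against a failure cache with different TTLs. The arrival patterns, the recovery time and the TTL values tried (including the 5 s baseline) are constructed for illustration; the model does not read or reflect the actual NORR_TTL value.

```python
import math

def simulate(arrivals, fail_ttl, recovers_at):
    """Replay client query times (seconds) for one name.

    The upstream returns a failure before `recovers_at` and a good answer
    from then on. Each failure is cached for `fail_ttl` seconds.
    Returns (queries_sent_upstream, time_first_client_gets_good_answer);
    the second value is None if no client ever sees a good answer.
    """
    cached_until = None          # expiry time of the cached failure
    upstream = 0
    for t in sorted(arrivals):
        if cached_until is not None and t < cached_until:
            continue             # failure answered from cache, no upstream query
        upstream += 1
        if t >= recovers_at:
            return upstream, t   # good answer; stop, the failure cache is moot now
        cached_until = t + fail_ttl
    return upstream, None

# Constructed input: a dead/typo domain queried in two 'blocks' of 20
# queries (one per second), five minutes apart. It never recovers.
DEAD_NAME_ARRIVALS = list(range(0, 20)) + list(range(300, 320))

# Constructed input: a real site that fails briefly and recovers at t=5 s,
# with a client retrying every 10 s for a bit over three minutes.
FLAKY_SITE_ARRIVALS = list(range(0, 200, 10))
FLAKY_RECOVERS_AT = 5

if __name__ == "__main__":
    print("fail_ttl  dead-name upstream queries  flaky site first good answer")
    for ttl in (0, 5, 30, 60, 3600):
        sent, _ = simulate(DEAD_NAME_ARRIVALS, ttl, math.inf)
        _, first_ok = simulate(FLAKY_SITE_ARRIVALS, ttl, FLAKY_RECOVERS_AT)
        shown = "never (in window)" if first_ok is None else f"t={first_ok}s"
        print(f"{ttl:>8}  {sent:>26}  {shown}")
```

In this constructed trace, 30 s already collapses each block to a single upstream query, so going to 60 s buys nothing for the dead name while doubling how long the recovered site keeps failing from cache.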