Maintained by: NLnet Labs

[Unbound-users] Unbound doesn't cache ANY query result from some DNSSEC-signed zone

Daisuke HIGASHI
Thu May 30 14:41:21 CEST 2013


Hi,

Unbound doesn't cache ANY query result from some DNSSEC-signed zone.
In this case Unbound always emits query to name server per user query.

# unbound doesn't cache
dig @::1 jp. ANY
dig @::1 fr. ANY

# unbound caches
dig @::1 com. ANY
dig @::1 nl. ANY

I noticed that no-cached-name has NSEC3PARAM with TTL=0. It seems that
Unbound kills query result cache obtained by ANY query when any one of
the RRSets expires. Is it reason for no-cache?

I don't know whether it's Unbound's bug or NSEC3PARAM with TTL=0 is
illegal but Unbound serving applications making ANY-query (qmail?)
would make excessive queries to name servers.

Regards,
--
Daisuke HIGASHI <daisuke.higashi at gmail.com>