Sven Ulland
Thu Jul 2 10:26:16 CEST 2015

On 07/01/2015 07:39 PM, Christoph Kaminski wrote:
> ok thx for your answer... I have one more question. Sometimes I need
> to restart unbound so that it can resolve a newly added DNS
> record. I think the default cache times are too long for us. Is it
> possible to make them shorter? The best would be if it only uses the
> cache if it can't reach any forwarder. Possible?

Are you referring to the situation that happens when you query for
a non-existing name, and Unbound caches the authoritative NXDOMAIN
reply from the zone servers – and then you add the name to the zone,
but Unbound has cached the NXDOMAIN and still returns that as a reply?

If no: Please explain the situation.

If yes: Are you the zone admin? Unbound is correctly caching the
authoritative response from the zone servers. This is called negative
caching and has its own RFC due to all the subtleties involved.

In short, you may have success with tuning the zone's SOA minimum
