Maintained by: NLnet Labs

[Unbound-users] Maximum TTL for negative cache

Tomas Hozza
Mon Jun 8 09:43:09 CEST 2015


I was trying to find out, if it is possible to limit the maximum TTL for
caching negative answers with unbound. I was able to find
the limit for maximum TTL for any answers (cache-max-ttl) and for
bogus answers (val-bogus-ttl).

Is it really not possible to set negative cache maximum TTL?

In Fedora we plan to use Unbound + dnssec-trigger by default
from Fedora 23. For the beginning we would like to limit the
TTL for negative cache, since there were some concerns raised
on the Fedora devel-list. These were mostly resolved, but
to be safe, we still want to limit the TTL for negative cache.


Tomas Hozza
Software Engineer - EMEA ENG Developer Experience

Red Hat Inc.