Maintained by: NLnet Labs

[Unbound-users] negative cachetime

Dave Warren
Tue Mar 10 08:58:30 CET 2015


On 2015-03-10 00:04, A. Schulze wrote:
> How long I have to wait until unbound forget the NXDOMAIN
> and fetch new data from authoritative server? Could that be controlled 
> somehow?
>
> The SOA-Reord for example.org looks like this:
> example.org. 12967 IN SOA example.org. hostmaster.example.org. 
> 1501261358 43200 7200 2419200 86400

Up to 86400 seconds, or 24h in this example.

Originally the final parameter in a SOA record was the minimum TTL, and 
doubled as a default TTL, but it's now used to control the time a 
NXDOMAIN should be cached, so in your example, it's 24 hours. Note that 
RFC 2308 actually limits this to 3 hours.

http://www.zytrax.com/books/dns/apd/rfc2308.txt has all the details, but 
http://www.zytrax.com/books/dns/ch8/soa.html gives a quick overview.

I don't believe unbound can control how long a negative cache record 
lasts, only the neg-cache-size (in bytes), but I believe that this will 
still respect cache-max-ttl as well.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren