Maintained by: NLnet Labs

[Unbound-users] negative cachetime

Dave Warren
Tue Mar 10 08:58:30 CET 2015

On 2015-03-10 00:04, A. Schulze wrote:
> How long I have to wait until unbound forget the NXDOMAIN
> and fetch new data from authoritative server? Could that be controlled 
> somehow?
> The SOA-Reord for looks like this:
> 12967 IN SOA 
> 1501261358 43200 7200 2419200 86400

Up to 86400 seconds, or 24h in this example.

Originally the final parameter in a SOA record was the minimum TTL, and 
doubled as a default TTL, but it's now used to control the time a 
NXDOMAIN should be cached, so in your example, it's 24 hours. Note that 
RFC 2308 actually limits this to 3 hours. has all the details, but gives a quick overview.

I don't believe unbound can control how long a negative cache record 
lasts, only the neg-cache-size (in bytes), but I believe that this will 
still respect cache-max-ttl as well.

Dave Warren