Maintained by: NLnet Labs

NXDOMAIN cache

Alexandre J. Correa (Onda)
Sun Oct 25 17:34:40 CET 2015


;; ANSWER SECTION:
dnsbl.spfbl.net.        1440    IN      SOA     dnsbl.spfbl.net. dnsbl.spfbl.net. 2015102500 1800 900 604800 86400


On 25/10/2015 05:59, Dave Warren via Unbound-users wrote:
> On 2015-10-24 22:55, Alexandre J. Correa (Onda) via Unbound-users wrote:
>> Hello,
>>
>> My first e-mail comes with some questions.. :)
>>
>> 1- Can Unbound cache NXDOMAIN responses?
>> 2- Can Unbound change/force the TTL of NXDOMAIN as I define?
>>
>>
>> The purpose of forcing/changing the TTL of NXDOMAIN is for a project to fight
>> SPAM, aka SPFBL[1].
>> Because of the project's success here (Brazil), I need to increase
>> the cache of NXDOMAIN on mirror servers to lower CPU usage...
>>
>>
>> AFAIK, the TTL of NXDOMAIN comes from SOA records, but in my tests,
>> Unbound caches responses for only 4 seconds...
>>
>> If I flood with 20 queries like:
>>
>> # dig @localhost 1.0.0.127.dnsbl.spfbl.net
>>
>> the first query goes to the 'central' server -- OK, expected (cache is
>> empty)
>> the other 19 queries come from cache -- OK, expected
>>
>> waiting 10 seconds, and flood again..
>>
>> the first query goes to the 'central' server -- NOT OK, expected it to come
>> from local cache ...
>>
>>
>> How can I force the TTL of NXDOMAIN using Unbound?
>
> What is the negative result TTL if you use this command:
>
> dig 1.0.0.127.dnsbl.spfbl.net +trace +nodnssec
>
> The server matrix.spfbl.net. doesn't respond from here, but using 
> Spamhaus, the tail of the +trace command would show this:
>
> dig 1.0.0.127.xbl.spamhaus.org +trace +nodnssec
>
> xbl.spamhaus.org.       150     IN      SOA     need.to.know.only. hostmaster.spamhaus.org. 1510250741 3600 600 432000 150
> ;; Received 108 bytes from 217.149.192.170#53(a.ns.spamhaus.org) in 161 ms
>
> This tells us that the response can only be cached for 150 seconds.
>
> Unbound has a "cache-max-negative-ttl", but no minimum is listed at 
> https://unbound.net/documentation/unbound.conf.html
>


-- 
Regards,

Alexandre Jeronimo Correa
Managing Partner

Office: +55 34 3351 3077

Onda Internet
www.onda.net.br
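
Added example (not part of the thread and not Unbound's code): the negative-caching TTL that RFC 2308 derives from the SOA records quoted above, i.e. the smaller of the SOA record's own TTL and its MINIMUM field. The function names are made up for this sketch, and the optional `max_negative_ttl` argument is an assumption standing in for a resolver cap such as `cache-max-negative-ttl`.

```python
import re
from typing import NamedTuple, Optional

class Soa(NamedTuple):
    owner: str
    ttl: int       # TTL of the SOA record itself
    minimum: int   # last RDATA field (MINIMUM)

# owner TTL IN SOA mname rname serial refresh retry expire minimum
# \s+ also spans newlines, so records wrapped by a mail client still match.
SOA_RE = re.compile(
    r"^(\S+)\s+(\d+)\s+IN\s+SOA\s+\S+\s+\S+\s+\d+\s+\d+\s+\d+\s+\d+\s+(\d+)\s*$",
    re.MULTILINE,
)

def last_soa(dig_output: str) -> Optional[Soa]:
    """Return the last SOA record in dig output (the tail of a +trace)."""
    found = SOA_RE.findall(dig_output)
    if not found:
        return None
    owner, ttl, minimum = found[-1]
    return Soa(owner, int(ttl), int(minimum))

def negative_ttl(soa: Soa, max_negative_ttl: Optional[int] = None) -> int:
    """RFC 2308 section 5: min(SOA TTL, SOA MINIMUM), then an optional cap.

    max_negative_ttl is a hypothetical parameter modelling a resolver-side
    upper bound; None means no cap is applied.
    """
    ttl = min(soa.ttl, soa.minimum)
    if max_negative_ttl is not None:
        ttl = min(ttl, max_negative_ttl)
    return ttl

# The two records quoted in the thread, wrapped as they appear there.
SPFBL = """;; ANSWER SECTION:
dnsbl.spfbl.net.        1440    IN      SOA     dnsbl.spfbl.net.
dnsbl.spfbl.net. 2015102500 1800 900 604800 86400
"""
SPAMHAUS = """xbl.spamhaus.org.       150     IN      SOA     need.to.know.only.
hostmaster.spamhaus.org. 1510250741 3600 600 432000 150
;; Received 108 bytes from 217.149.192.170#53(a.ns.spamhaus.org) in 161 ms
"""

if __name__ == "__main__":
    for name, text in (("spfbl", SPFBL), ("spamhaus", SPAMHAUS)):
        soa = last_soa(text)
        print(name, soa, "negative TTL:", negative_ttl(soa))
```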