Maintained by: NLnet Labs

NXDOMAIN cache

Dave Warren
Mon Oct 26 20:26:28 CET 2015


On 2015-10-25 09:20, Stephane Bortzmeyer via Unbound-users wrote:
> On Sun, Oct 25, 2015 at 12:59:23AM -0700,
>   Dave Warren via Unbound-users <unbound-users at unbound.net> wrote
>   a message of 58 lines which said:
>
>> Unbound has a "cache-max-negative-ttl", but no minimum is listed at
>> https://unbound.net/documentation/unbound.conf.html
> I disagree, there is:
>
>   cache-min-ttl: <seconds>
>                Time to live minimum for  RRsets  and  messages  in  the  cache.
>                Default  is  0.  If the minimum kicks in, the data is
>                cached for ...
>
> Note that, unlike cache-max-ttl, it is a violation of the protocol
> and, if you use it, horrible things may happen.

Doesn't this control minimum TTLs on all queries, not just negative 
results?

At least in the context of a mail server, over-caching negative results 
will only cause a small amount of pain whereas over-caching positive 
results may cause real deliverability problems.

If this instance of Unbound only handles DNSBL traffic and nothing else, 
then it's possibly not-too-dangerous, at least if the minimum is kept 
reasonable. A handful of minutes, perhaps?

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
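As an added illustration (not part of the thread above and not an Unbound project example), here is an unbound.conf fragment for the kind of DNSBL-only instance Dave describes, with the floor kept to a few minutes. The interface and access-control values are assumptions for a resolver that serves only a local mail server; the option names are the ones discussed in the thread (cache-min-ttl, cache-max-ttl, cache-max-negative-ttl).

```conf
server:
    # Assumed deployment: this instance answers only the local MTA and
    # carries nothing but DNSBL lookups, so a TTL floor is tolerable here.
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # Floor every cached RRset and message at 5 minutes.
    # This applies to positive answers as well as NXDOMAIN/NODATA, and
    # serving data past its TTL violates the protocol; keep the value
    # small and never set it on a general-purpose resolver.
    cache-min-ttl: 300

    # Caps, not floors; these are protocol-safe.
    cache-max-negative-ttl: 3600
    cache-max-ttl: 86400

    # Risky variant, shown only as the setting to avoid on a resolver that
    # also serves ordinary mail traffic: a day-long floor on positive
    # answers would mask MX/A changes and break deliverability.
    # cache-min-ttl: 86400
```

Validate the file with unbound-checkconf before reloading; remember that cache-min-ttl is global to the instance, so the only way to limit its blast radius is to run the DNSBL resolver as a separate Unbound instance from the one the mail server uses for MX and A lookups.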