[Unbound-users] Caching 'invalid response' or at least knowing not to look it up again...
Karl Pielorz
kpielorz_lst at tdx.co.uk
Mon Sep 17 08:46:29 UTC 2012
--On 17 September 2012 09:22 +0200 "W.C.A. Wijngaards"
<wouter at nlnetlabs.nl> wrote:
> There is no setting in the config file, but there is a constant in the
> software code, in util/data/msgparse.h:78, NORR_TTL. You can change
> this to a higher value and recompile if you want to store failed
> queries for a longer time.
>
>> This would dramatically cut the number of these queries being
>> issued against our forwarders.
>
> But, the problem with a large timeout here, and the reason for this
> 'fairly short but nonzero value' there is now, is that for many
> queries, a retry may solve the situation. A large value here would
> turn a temporary failure that would otherwise be unnoticed after it
> works a minute later, into a longterm failure.
Ok, that's is obviously a valid point - which we'll bear in mind. I think
looking at our query load, we could get away with setting that to either
30s or 1 minute. We tend to find these queries for invalid domains arrive
in 'blocks' - 30s or 1m would be long enough to ensure they all 'fail' from
cache - but should be short enough that it doesn't mess up for sites that
genuinely return an error for a 'short period' - but I do take your point
on board.
tbh - Most the sites we see returning this kind of error look like typos,
abandoned domains - or other 'nasties'.
I'll have a look at re-compiling with that adjustment, and see how we get
on.
Thanks,
-Karl
More information about the Unbound-users
mailing list