[Unbound-users] Unbound doesn't cache ANY query result from some DNSSEC-signed zone
wouter at nlnetlabs.nl
Mon Jun 10 11:21:56 UTC 2013
On 05/30/2013 02:41 PM, Daisuke HIGASHI wrote:
> Unbound doesn't cache ANY query result from some DNSSEC-signed
> zone. In this case Unbound always emits query to name server per
> user query.
> # unbound doesn't cache
> dig @::1 jp. ANY
> dig @::1 fr. ANY
> # unbound caches
> dig @::1 com. ANY
> dig @::1 nl. ANY
> I noticed that the non-cached names have NSEC3PARAM with TTL=0. It
> seems that Unbound kills the query result cache obtained by an ANY
> query when any one of the RRSets expires. Is that the reason for not
> caching?
Yes, TTL=0 is not cached. This is a must from the RFC.
Unbound does not 'gather up' RRs from cache to answer ANY, but asks
the set of RRs upstream. The search through the cache would slow it down.
> I don't know whether it's Unbound's bug or NSEC3PARAM with TTL=0
> is illegal but Unbound serving applications making ANY-query
> (qmail?) would make excessive queries to name servers.
Yes. But not many normal ANY queries. TTL=0 is legal. Unbound's
behaviour for the ANY query is not really specified. So for cache
efficiency and ease it gets the query from upstream.
cache-min-ttl could perhaps change unbound's behaviour here.
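A simplified model of the behaviour discussed in this thread, added here as an example and not taken from the Unbound source or from either poster: it parses `dig` answer-section lines, treats the TTL of an ANY reply as the lowest TTL among its RRsets, and shows the effect of a `cache-min-ttl` floor. The sample records are constructed, and applying the floor per RRset before computing the reply TTL is an assumption of the model.

```python
# Added example: a simplified model, not Unbound's implementation.
# Sample answers are constructed for illustration (not real zone data).
SAMPLE_JP = """\
jp.  86400  IN  SOA  ns1.example. hostmaster.example. 1 3600 900 1814400 900
jp.  86400  IN  NS   ns1.example.
jp.  86400  IN  NS   ns2.example.
jp.  0      IN  NSEC3PARAM 1 0 5 AABBCCDD
"""
SAMPLE_COM = """\
com. 900    IN  SOA  ns1.example. hostmaster.example. 1 1800 900 604800 86400
com. 172800 IN  NS   ns1.example.
com. 86400  IN  NSEC3PARAM 1 0 0 -
"""

def rrset_ttls(answer_text):
    """Map (owner, type) -> lowest TTL seen in dig answer-section lines."""
    ttls = {}
    for line in answer_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # skip blanks, comments and malformed lines
        owner, ttl, _cls, rtype = fields[:4]
        key = (owner.lower(), rtype.upper())
        ttls[key] = min(int(ttl), ttls.get(key, int(ttl)))
    return ttls

def message_ttl(ttls, cache_min_ttl=0):
    """TTL of the whole reply: the smallest RRset TTL after the floor.
    A result of 0 means the reply is not cached (assumed model)."""
    if not ttls:
        return 0
    return min(max(t, cache_min_ttl) for t in ttls.values())

def blocking_rrsets(ttls, cache_min_ttl=0):
    """RRsets whose effective TTL of 0 keeps the reply out of the cache."""
    return sorted(k for k, t in ttls.items() if max(t, cache_min_ttl) == 0)

if __name__ == "__main__":
    for name, text in (("jp.", SAMPLE_JP), ("com.", SAMPLE_COM)):
        ttls = rrset_ttls(text)
        for floor in (0, 30):
            print(name, "cache-min-ttl", floor, "-> reply TTL",
                  message_ttl(ttls, floor), blocking_rrsets(ttls, floor))
```

To check a live zone, feed `rrset_ttls` the output of `dig +noall +answer <zone> ANY` instead of the constructed samples.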